Azure Landing Zones II.
Table of Contents
Azure Landing Zones II. #
Continuing from the previous post, here is the next part of the series.
Cost considerations #
Before we start to madly creating resources, let’s take a look at the cost.
In my case I have decided to manage budgeting and cost viewing via Terraform as well. Admittedly, during the process there were a few snags, and I was close to giving it up, but eventually I got to a state with which I and managemed are mutually satisfied.
A little inspiration #
I will be honest, writing a module that handles the consumption reports from scratch was something I started - and got to relatively working state on budgets…on cost views a little less so - but eventually I shamelesly took “inspiration” from this repository. So big thank you for the Gravicore Team! (not related / know the company by the way)
The only change that I did, is ensuring we use up-to-date providers, as the modules seem to be a bit outdated.
Use the modules now #
Right, so now that I have this module not too far from the deploymnent, and configured providers and backend (see previous post), I also added a module to help me with conforming Azure naming conventions:
module "naming" {
source = "Azure/naming/azurerm"
}
What this module does is sufficiently explained here
Variables #
To make life easier, I set some general variables for the project:
variable "location" {
type = string
default = "northeurope"
description = "Azure region where resources will be created"
}
variable "tags" {
description = "Tags for this project"
default = {
DomainName = "BCMG.centre"
Domain = "BCMG"
ManagedBy = "Terraform"
}
type = map(string)
}
variable "environment" {
type = string
default = "prod"
description = "Environment where resources will be created"
}
variable "location_short" {
type = string
default = "ne"
description = "Short version of location for resource names"
}
variable "cost_management_recipient_emails" {
type = list(string)
default = [< list of emails >]
description = "values for cost management recipient emails"
}
variable "cost_management_sender_email" {
type = string
default = "< another email >"
description = "values for cost management sender email"
}
Now to the fun part #
Ok, so now we have the boilerplate, and the module. Here is the deployment of my consumption report:
/* -------------------------------------------------------------------------- */
/* Locals */
/* -------------------------------------------------------------------------- */
locals {
/* -------------- # Connectivity configuration for cost management -------------- */
target_connectivity_up = "Connectivity"
target_connectivity_low = "connectivity"
target_connectivity_short = "conn"
connectivity_rg = "rg-conn-00-core-prod-ne"
connectivity = {
name = "${local.target_connectivity_short}-consumption"
resource_group_name = local.connectivity_rg
/* -------------------------------------------------------------------------- */
/* Subscription consumption budget configuration */
/* -------------------------------------------------------------------------- */
subscription_consumption_budget = {
"cbs-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cbs-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
amount = 200 # currency of the billing account, ie. EUR
# Time period for the budget
time_period = {
start_date = "2025-02-01T00:00:00Z"
}
# Notifications for budget thresholds
notifications = [
{
threshold = 10 # Test threshold, typically higher in production
threshold_type = "Actual" # Options: "Actual", "Forecasted"
operator = "GreaterThan" # Options: "GreaterThan", "LessThan", "EqualTo"
contact_emails = var.cost_management_recipient_emails
},
{
threshold = 80
threshold_type = "Actual"
operator = "GreaterThan"
contact_emails = var.cost_management_recipient_emails
},
{
threshold = 90
threshold_type = "Forecasted"
operator = "GreaterThan"
contact_emails = var.cost_management_recipient_emails
}
]
}
}
/* -------------------------------------------------------------------------- */
/* Cost anomaly alert configuration */
/* -------------------------------------------------------------------------- */
azurerm_cost_anomaly_alert = {
name = "caa-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
display_name = "${local.target_connectivity_up} Cost Anomaly Alert"
email_subject = "${local.target_connectivity_up} Cost Anomaly Alert"
email_addresses = var.cost_management_recipient_emails
}
/* -------------------------------------------------------------------------- */
/* Subscription cost management view */
/* -------------------------------------------------------------------------- */
# Cost management view configuration
subscription_cost_management_view = {
"cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
display_name = "${local.target_connectivity_up} Cost Management View"
chart_type = "StackedColumn" # Options: "Area", "GroupedColumn", "Line", "StackedColumn" and "Table".
#? "accumlated" means the columns or lines each day will show the accumulated value of the previous days. setting to false means the columns or lines will show the value of the day.
accumulated = false #Options: "true" or "false"
report_type = "Usage" # Options: "Usage"
#? timeframe is the time period for which the report will be generated.
timeframe = "MonthToDate" # Options: "Custom", "MonthToDate", "WeekToDate" and "YearToDate".
dataset = {
granularity = "Daily" # Options: "Daily", "Monthly"
aggregation = [
{
name = "cost" # Options: "Cost","CostUSD","totalCost","totalCostUSD","PreTaxCost","PreTaxCostUSD"
column_name = "Cost"
}
]
}
pivot = [
{
name = "ServiceName"
function = "Sum" # Options: "Sum", "Average", "Min", "Max", "Count"
column_name = "ServiceName"
type = "Dimension" # Options: "Dimension", "Measure"
},
{
name = "ResourceLocation"
function = "Sum"
column_name = "ResourceLocation"
type = "Dimension"
},
{
name = "ResourceGroupName"
function = "Sum"
column_name = "ResourceGroupName"
type = "Dimension"
}
]
}
}
/* -------------------------------------------------------------------------- */
/* Scheduled action for cost management reports */
/* -------------------------------------------------------------------------- */
cost_management_scheduled_action = {
"cmsa-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cmsa-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
display_name = "${local.target_connectivity_up} Scheduled Action"
view_identifier = "cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
email_address_sender = var.cost_management_sender_email
email_subject = "Scheduled AZURE cost report - ${local.target_connectivity_up}"
email_addresses = var.cost_management_recipient_emails
frequency = "Daily" # Options: "Daily", "Weekly", "Monthly"
start_date = "2025-02-01T00:00:00Z"
end_date = "2025-03-01T00:00:00Z"
hour_of_day = 7 # Time of day to send the report
day_of_month = null # Day of the month to send the report (1-31)
days_of_week = null # Options: "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"
# Other possible schedule options:
# For Weekly frequency:
# frequency = "Weekly"
# day_of_week = "Monday" # Options: "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"
# hour_of_day = 7 # Time of day to send the report
# For Monthly frequency:
# frequency = "Monthly"
# day_of_month = 1 # Day of the month to send the report (1-31)
# hour_of_day = 7 # Time of day to send the report
}
}
}
}
/* -------------------------------------------------------------------------- */
/* Module call */
/* -------------------------------------------------------------------------- */
module "azurerm_consumption_connectivity" {
source = "../../modules/terraform-azurerm-consumption"
providers = {
azurerm = azurerm.connectivity
}
name = local.connectivity.name
resource_group_name = local.connectivity.resource_group_name
environment = var.environment
subscription_consumption_budget = local.connectivity.subscription_consumption_budget
azurerm_cost_anomaly_alert = local.connectivity.azurerm_cost_anomaly_alert
subscription_cost_management_view = local.connectivity.subscription_cost_management_view
cost_management_scheduled_action = local.connectivity.cost_management_scheduled_action
tags = merge(var.tags, {
CreationTimeUTC = timestamp(),
Environment = "PROD"
})
}
Yes. I know. It is aint pretty. But it works. Let me walk you through it.
Locals #
The locals are used to provide values for each execution of the module. In the showcased example this is for the ‘Connectivity’ subscription. I had to create for copies of this file, with generally minimal differences. Now initially I was planning to do with with a map object, and iterate through the map, but since the providers had to change for each subscription, I had to go with the approach above. A lot of repetition, open to future imprrovements.
Anyhow, lets see what is in the locals.
Generic configuration #
/* -------------- # Connectivity configuration for cost management -------------- */
target_connectivity_up = "Connectivity"
target_connectivity_low = "connectivity"
target_connectivity_short = "conn"
connectivity_rg = "rg-conn-00-core-prod-ne"
connectivity = {
name = "${local.target_connectivity_short}-consumption"
resource_group_name = local.connectivity_rg
Ideally this is the only part of the script that I would modify between subscriptions (copies). In this block I define different casing and a short version of the reference name of the subscription. I also define the resource group name, which is needed for the various consumption reports
Consuption budget #
subscription_consumption_budget = {
"cbs-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cbs-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
amount = 200 # currency of the billing account, ie. EUR
# Time period for the budget
time_period = {
start_date = "2025-02-01T00:00:00Z"
}
# Notifications for budget thresholds
notifications = [
{
threshold = 10 # Test threshold, typically higher in production
threshold_type = "Actual" # Options: "Actual", "Forecasted"
operator = "GreaterThan" # Options: "GreaterThan", "LessThan", "EqualTo"
contact_emails = var.cost_management_recipient_emails
},
{
threshold = 80
threshold_type = "Actual"
operator = "GreaterThan"
contact_emails = var.cost_management_recipient_emails
},
{
threshold = 90
threshold_type = "Forecasted"
operator = "GreaterThan"
contact_emails = var.cost_management_recipient_emails
}
]
}
}
- This section is something that I plan to keep the same between subscriptions. It determines the budget thresholds for the subscription.
- (The 10% is temporary, and will be removed eventually; made it only so alerts triggered)
here I skip the
anomaly_alertsection, since that is quite obvious and little worth exxplaining.
Cost management view #
The next major section is the cost management view.
# Cost management view configuration
subscription_cost_management_view = {
"cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
display_name = "${local.target_connectivity_up} Cost Management View"
chart_type = "StackedColumn" # Options: "Area", "GroupedColumn", "Line", "StackedColumn" and "Table".
#? "accumlated" means the columns or lines each day will show the accumulated value of the previous days. setting to false means the columns or lines will show the value of the day.
accumulated = false #Options: "true" or "false"
report_type = "Usage" # Options: "Usage"
#? timeframe is the time period for which the report will be generated.
timeframe = "MonthToDate" # Options: "Custom", "MonthToDate", "WeekToDate" and "YearToDate".
dataset = {
granularity = "Daily" # Options: "Daily", "Monthly"
aggregation = [
{
name = "cost" # Options: "Cost","CostUSD","totalCost","totalCostUSD","PreTaxCost","PreTaxCostUSD"
column_name = "Cost"
}
]
}
pivot = [
{
name = "ServiceName"
function = "Sum" # Options: "Sum", "Average", "Min", "Max", "Count"
column_name = "ServiceName"
type = "Dimension" # Options: "Dimension", "Measure"
},
{
name = "ResourceLocation"
function = "Sum"
column_name = "ResourceLocation"
type = "Dimension"
},
{
name = "ResourceGroupName"
function = "Sum"
column_name = "ResourceGroupName"
type = "Dimension"
}
]
}
}
- this is the view that is mostly meant for management to see the cost of the subscription
- I currently opted for daily cost views, which demonstrates the daily cost for each day
Cost management reports #
In this section I set up reports, so that management does not need to keep going to the Azure Portal to see the cost of the subscription. It gets delivered to their mailbox.
/* -------------------------------------------------------------------------- */
/* Scheduled action for cost management reports */
/* -------------------------------------------------------------------------- */
cost_management_scheduled_action = {
"cmsa-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}" = {
name = "cmsa-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
display_name = "${local.target_connectivity_up} Scheduled Action"
view_identifier = "cmv-${local.target_connectivity_low}-01-${local.target_connectivity_short}-prod-${var.location_short}"
email_address_sender = var.cost_management_sender_email
email_subject = "Scheduled AZURE cost report - ${local.target_connectivity_up}"
email_addresses = var.cost_management_recipient_emails
frequency = "Daily" # Options: "Daily", "Weekly", "Monthly"
start_date = "2025-02-01T00:00:00Z"
end_date = "2025-03-01T00:00:00Z"
hour_of_day = 7 # Time of day to send the report
day_of_month = null # Day of the month to send the report (1-31)
days_of_week = null # Options: "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"
# Other possible schedule options:
# For Weekly frequency:
# frequency = "Weekly"
# day_of_week = "Monday" # Options: "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"
# hour_of_day = 7 # Time of day to send the report
# For Monthly frequency:
# frequency = "Monthly"
# day_of_month = 1 # Day of the month to send the report (1-31)
# hour_of_day = 7 # Time of day to send the report
}
}
}
Puttiong it all together #
So now we have the locals explored, and it is time to call the module with this.
module "azurerm_consumption_connectivity" {
source = "../../modules/terraform-azurerm-consumption"
providers = {
azurerm = azurerm.connectivity
}
name = local.connectivity.name
resource_group_name = local.connectivity.resource_group_name
environment = var.environment
subscription_consumption_budget = local.connectivity.subscription_consumption_budget
azurerm_cost_anomaly_alert = local.connectivity.azurerm_cost_anomaly_alert
subscription_cost_management_view = local.connectivity.subscription_cost_management_view
cost_management_scheduled_action = local.connectivity.cost_management_scheduled_action
tags = merge(var.tags, {
CreationTimeUTC = timestamp(),
Environment = "PROD"
})
}
As you can see, the modules I keep a few levels up in my repository (see: source path). I also opted for a horibly long name for the module, something that I might adjust.
Any way, the important part is that, the module uses the parts of the locals. Obviously, the .connectivity. part also needs to be adjusted when targeting other subscriptions.