Some Azure resource spending creeps up month after month and can end up costing you more than you ever expected or budgeted for. Avoid surprises in your cloud spending with these Azure cost control best practices.
Moving your organization’s workload from on-prem to the cloud can save you a lot of money since you won’t need to pay for physical servers and other infrastructure. It should help you save on your regular operational costs, too, because you only need to pay for the resources you’re using.
But once you’ve been in the cloud for a while, you’ll probably notice your costs creeping up and up every month.
This can be a positive sign that your business is growing, but it can also signal that you’re spending more on Azure resources than you need to. But how do you figure out whether your Azure spending is increasing each month because of growth or because you’re paying more than you need to? If it’s the latter, how can you troubleshoot an Azure bill that’s higher than you expected?
In this blog, we’re going to discuss resources that can cause unnecessary increases in your Azure bill. In our experience, Azure Storage, Log Analytics, and Application Insights can incur some of the sneakiest costs, and we’ll explain why and how to manage them in the future.
This is the second blog in a 3-part series on Azure cost surveillance. You can read the first blog on cost efficiency habits to implement in your team or the third blog on Azure policies that help you control your costs for more Azure cost best practices.
How to manage Azure storage account costs
Azure offers different types of storage for data, disks, files, messaging, and more. Azure storage accounts have lots of great features, like security through encryption, durability with redundancies across hardware, and accessibility from anywhere in the world through HTTP or HTTPS.
Most importantly, storage accounts are designed to scale considerably to suit your needs.
Creating a storage account in Azure
This means that if you create a storage account to hold files from a particular department in your organization, you’ll never have to worry about hitting a size limit.
The problem is that we usually remember when to add more files—or, more likely, we have an automated system sending files to particular storage accounts—but we often forget to remove old or redundant files.
Keeping your stored Azure files in check
Over time, the amount of data you accrue, and with it the size of your storage containers, will keep increasing, especially if you don’t routinely clean out redundant or unneeded data. This accumulates, and your Azure costs rise with it. It may start slow, but high storage costs can sneak up on you.
With storage accounts, it’s rare that you’ll have a real anomaly in your Azure spending, like an increase of 1TB in your storage account over a day. Instead, storage costs tend to add up a little bit each day and each month until you’re way overpaying for your needs.
When you start, you may only be using 200GB of storage, which will only cost you about $5 per month. But 200GB soon becomes 2TB, which quickly becomes 20TB, and 20TB runs you about $450 per month.
People are usually shocked, first because it’s so expensive and second because it’s hard to imagine gathering 20TB of data. But in a world of digital workplaces with cheap storage and where data is king, people tend to hoard everything.
If you develop an application and set it up so that the app’s data is put in an Azure blob, chances are that the complexity and expected availability of today’s apps push data storage costs to the back of developers’ minds. If the app is running smoothly, they probably don’t think about whether the storage costs associated with the app are growing substantially.
Azure has a new governance policy that allows you to manage the lifecycle of your storage blobs. This policy lets you convert blobs to a cooler (i.e. slower and less expensive) tier, delete blobs at the end of their lifecycles, and more.
Taking the time to implement these types of policies and consider which of your storage accounts can be transitioned to cooler tiers or deleted over what kind of time period can help ensure you’re not overpaying for data you don’t need.
Keep bandwidth in mind when budgeting for Azure storage costs
Another aspect of Azure Storage pricing that can catch people by surprise is bandwidth. When you push something into an Azure data center, it’s called ingress—and it’s always free in Azure.
When data leaves a data center—either flowing to the internet or from one Azure region to another—it’s called egress. That’s where your bandwidth fees come in.
Azure gives each organization 5GB of free egress bandwidth each month, but after that you start racking up costs. This is something that we don’t always take into account with Azure Storage. We consider the pricing of the type of storage service and the price for the size of the container, but not the cost of its bandwidth over time or the operations costs of asking the storage account to save or update a bit of data.
So, let’s say you’re running a website. You probably regularly check the number of visitors to your site, that all of your media displays properly, and that people can download your files. But you probably don’t check the data you have moving from the App Service hosting your website in one data center to the storage container housing it in another data center as frequently.
The first is to make sure you’re only sending data that you definitely need out of data centers.
Some people try minifying their script files, which removes all unnecessary characters from the code without altering its functionality. This can significantly reduce the length of your code (and so the size of your files), thereby reducing your spending on storage and bandwidth.
Bandwidth costs also differ by Azure region. If you want your app to have a global presence, you’ll want it to be deployed in several regions. It can be really helpful to consider bandwidth costs when planning out where your apps and storage containers will be deployed.
You can leverage Azure’s offering of free ingress by distributing your apps so that they’re local when requesting data from the closest data center.
It’s important to plan out your projects and try to budget them before getting started. If you’re already doing this—awesome! Chances are you’re creating budgets with the prices for things like CPU and memory in mind, but you may not be including the prices for networking and egress, which can mean you’ll go over budget without knowing why.
Plan for Azure Log Analytics pricing
Log Analytics workspaces are places where logs and diagnostic data from multiple resources can be gathered. They’re essentially databases in the cloud that allow you to analyze, visualize, and create alerts for your collected data.
So, any time that you take an action in Azure—creating a resource, scaling out a VM, etc.—it’s recorded to an activity log. You can then use Kusto Query Language (the same language used for querying in Azure Resource Graph) to query several types of logs from different places in Azure.
The cost of your Log Analytics workspace typically depends on the pricing tier and solutions you use for it. But you can also accumulate costs based on how much data you retain over time.
If you’re performing a lot of actions in your Azure environment, then you’re going to build up a lot of data in the form of activity logs. Sometimes, you really need and use these logs for a long period of time. And sometimes, you don’t.
Similar to how storage costs can rise incrementally over time until you’re way overpaying for your storage needs, if you have a long retention period and high ingestion rate, you can end up overpaying for your Log Analytics workspaces.
Thankfully, Azure offers an automated solution for this through two different types of caps.
You can set caps for how many days you want to keep activity logs, and Azure gives you the first 31 days of retention for free. If you only need to keep your ingested data for a month, then you’ll be able to save a lot of money! If you need to keep logs for longer, you can retain them in Azure for two years for a fee.
Be sure that you set the retention cap for only as long as you actually need that information, and not longer. You can’t purge data manually through the Azure portal once it’s in your workspace; you would have to do it all through the REST API or Azure CLI yourself.
You can also set caps for how much data your workspaces can ingest in a day. This daily volume cap can help you manage unexpected spikes in data volume from resources so that you stay on track with your budget.
To create a daily volume cap in your workspace, select Usage and estimated costs in the menu on your left. Then select Usage details and then Data volume management to establish your caps.
Setting daily caps can help prevent Log Analytics spending spikes in Azure
This is great if you have lots of diagnostic data coming from deployments, automatic scaling, policies, VMs, and more where resources are expanding because then you don’t have to worry about your Log Analytics costs spiking along with them.
Caps can be a double-edged sword, though. When you limit how much data can be ingested you’re limiting cost increases, but you’re also limiting data that could help you understand why your usage is spiking.
If there’s a bug and actions are being taken in your Azure environment when they shouldn’t be, limiting the data that goes into your Log Analytics will save you on ingestion costs, but you might miss out on data that will help you fix the bug faster.
Fortunately, Azure will send you an alert when you’re nearing your volume cap, so if you set a high daily cap you should be able to limit your spending from getting too out of hand while still retaining the information you need to understand, analyze, and troubleshoot issues in your environment.
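The trade-off between a low cap and a high cap with a warning can be modelled on sample data. This is an added example, not part of the original post: the hourly volumes, the cap values and the 80% warning threshold are constructed, and it assumes ingestion stops for the rest of the day once the cap is reached.

```python
# Added example: model a Log Analytics daily cap against hourly ingestion.
# All volumes and cap values below are constructed, not real billing data.

# GB ingested per hour; list index is the hour of day (0-23).
NORMAL_DAY = [1] * 24                 # 24 GB over the day
# A bug or an incident starts at 14:00 and multiplies log volume tenfold.
SPIKE_DAY = [1] * 14 + [10] * 10      # 114 GB over the day


def apply_daily_cap(hourly_gb, cap_gb, warn_fraction=0.8):
    """Report what a daily cap keeps, what it drops, and when.

    Assumptions: ingestion stops for the rest of the day once the running
    total reaches the cap, and the warning fires at warn_fraction of the cap
    (0.8 is a hypothetical threshold chosen for this example).
    """
    running = 0
    warn_hour = cap_hour = None
    for hour, volume in enumerate(hourly_gb):
        running += volume
        if warn_hour is None and running >= warn_fraction * cap_gb:
            warn_hour = hour
        if running >= cap_gb:
            cap_hour = hour
            break
    offered = sum(hourly_gb)
    ingested = min(offered, cap_gb)
    # Hours after the cap is hit produce no searchable logs at all.
    blind = [] if cap_hour is None else list(range(cap_hour + 1, len(hourly_gb)))
    return {
        "warn_hour": warn_hour,
        "cap_hour": cap_hour,
        "ingested_gb": ingested,
        "dropped_gb": offered - ingested,
        "blind_hours": blind,
    }


if __name__ == "__main__":
    for label, day, cap in [("normal, cap 40", NORMAL_DAY, 40),
                            ("spike, cap 40", SPIKE_DAY, 40),
                            ("spike, cap 120", SPIKE_DAY, 120)]:
        print(label, apply_daily_cap(day, cap))
```

With the 40 GB cap, the spike day loses every hour from 17:00 onward, which is the period you would most want to query; with the 120 GB cap the warning still fires but nothing is dropped.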
One of the best aspects of working in the cloud is the ability to easily scale. And typically, when we do scale up and out, we take the price of the larger service tier or storage container into account—but we rarely include the increased cost of Log Analytics in our budgets. That’s why it can cause surprises in your Azure bill.
Understand your Azure Application Insights spending
Azure Application Insights is an application performance monitor (APM) within Azure Monitor. It detects performance anomalies in your applications and offers analytics tools to help you understand how users interact with your app and to fix issues that arise.
It’s similar in some ways to Log Analytics; both sit within Azure Data Explorer and both use the same query and ingestion engines. The difference is that Log Analytics gives you information about actions taken in Azure, whereas Application Insights gives you data related to web analytics and code-level application performance.
For instance, Application Insights can give you data on page views, HTTP requests, trace logs, custom events, and more. You can even get live metrics through Application Insights to give you real-time numbers. All of this gives you great visibility over your app.
Application Insights is billed based on the volume of data that your app sends (which is based on your Azure Log Analytics data ingestion rates), as well as the number of web tests you run.
Application Insights ingested data is retained for free for 90 days. As with Log Analytics, you can choose to increase your retention to up to two years, which will then increase your costs.
Just like with Log Analytics, you can create a daily cap with warning notifications when your Application Insights ingested data volume rises above the threshold you set. To set the Application Insights daily cap, go to the Configure section of your Application Insights resource, and under Usage and estimated costs, select Daily cap.
Application Insights daily caps also have warning notifications so you can stay on top of your Azure spending
Because Application Insights can collect and deliver so many different kinds of data at such large quantities, Azure created a feature called Adaptive Sampling to help reduce the amount of data and messages being sent to Application Insights.
The goal of adaptive sampling is to combine similar logs or HTTP requests by sending you one representative sample of your data. This can be a big help with reducing the amount of data ingested in Application Insights, but if there is a problem with your application, it can also make troubleshooting harder.
If you’re trying to trace a request across multiple services, only having one log for that request can make finding the information you’re looking for pretty complicated.
So as with caps, this service can both help and hinder you depending on the situation. But if you have a high enough volume of similar logs, it could help with cost reduction.
It’s sometimes hard to calculate and estimate what your Application Insights costs might be, but remembering how quickly ingestion and retention costs can rack up and making use of caps and sampling can help ensure you’re spending your money in Azure wisely.
Spending spikes can be easier to find than creeping costs
With a bug in your application, usage of any Azure resource can spike and catch you off guard when you review your next invoice or monitor your resource usage. Bugs happen, and they’re usually pretty noticeable in your Azure spending if you’re looking for them.
What’s a lot harder to identify are the creeping costs that increase month over month—they’re small enough to go undetected as an anomaly, but so consistent that after a couple of months you can wind up paying three times more for a service than you actually need to.
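One way to check for both patterns in a cost export is sketched below. This is an added example, not part of the original post: the monthly figures are constructed, and the three thresholds are hypothetical defaults to tune against your own history.

```python
# Added example: tell one-off spikes apart from month-over-month creep.
# Monthly costs (USD) are constructed for illustration.
MONTHLY_COSTS = {
    "storage":       [100, 118, 140, 166, 197, 233, 276],
    "log_analytics": [80, 82, 79, 310, 81, 80, 84],
    "app_insights":  [60, 61, 59, 62, 60, 61, 60],
}


def classify(costs, spike_ratio=1.5, creep_ratio=2.0, rising_share=0.8):
    """Classify one service's monthly cost series.

    spike: a single month costs at least spike_ratio times the month before.
    creep: no month trips the spike check, yet most months rise and the last
           month costs at least creep_ratio times the first.
    The three thresholds are hypothetical defaults for this example.
    """
    steps = list(zip(costs, costs[1:]))
    # Month index (0-based) of every month that jumped past the spike ratio.
    spikes = [i + 1 for i, (prev, cur) in enumerate(steps)
              if cur >= spike_ratio * prev]
    # Share of month-to-month steps that went up at all.
    rising = sum(1 for prev, cur in steps if cur > prev) / len(steps)
    growth = costs[-1] / costs[0]
    creep = not spikes and rising >= rising_share and growth >= creep_ratio
    return {"spike_months": spikes, "creep": creep, "growth": round(growth, 2)}


def report(all_costs):
    """Run classify() over every service and return the results by name."""
    return {name: classify(series) for name, series in all_costs.items()}


if __name__ == "__main__":
    for name, result in report(MONTHLY_COSTS).items():
        print(f"{name:14} {result}")
```

The storage series never rises more than about 19% in a month, so a spike check alone stays silent even though the bill has grown 2.76 times over the period.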
In our experience helping IT professionals manage their cloud environments, Azure storage accounts, Log Analytics, and Application Insights are three of the sneakiest resources when it comes to Azure cost surprises.
So while you analyze your past spending, monitor your current usage, and create estimates for your future spending, don’t forget to take often-overlooked egress, ingestion, and retention costs into consideration.