In software development, there is a common approach known as ‘shift left’. This approach involves moving tasks and processes earlier in the software development lifecycle, which helps identify and address issues at an earlier stage.
One area where ‘shifting left’ can be particularly effective is in reducing cloud infrastructure costs. By identifying and addressing infrastructure-related issues early in the development process, organisations can save significant amounts of money and improve the overall quality of their software.
Some ways organisations can integrate FinOps into their development lifecycle include:
- Educating the team
- Setting cost targets
- Monitoring cloud costs
- Using cost allocation
- Implementing cost controls
Although all of these measures are important, they are often laborious and time-consuming, or are enforced only after the cost has already been incurred.
Another approach to managing infrastructure costs is incorporating automated checks into the CI/CD pipeline. In this article, we will explore the benefits of utilising a tool called Infracost, which allows us to make informed decisions in advance as part of the pull request process.
Automated CI Workflow
Picture the following workflow as part of your development process:
- Developer makes changes to infrastructure code and creates a pull request
- Upon creating the pull request, a continuous integration pipeline is initiated, which computes the variance in cloud costs before and after the proposed changes.
- The pipeline fails if the cost change exceeds the predefined policy threshold
- A comment is added to the pull request showing the cost changes in tabular format along with detailed resource-level costs, and an HTML report is shared with the team via a CI artifact or Slack
Introducing Infracost
Infracost is an open source tool that helps achieve the workflow described above. It allows developers, DevOps engineers, and other stakeholders to estimate the costs associated with their cloud infrastructure in real-time.
Key features include:
- Infracost integrates with popular CI/CD pipelines and version control systems, making it easy to incorporate into existing workflows.
- It takes into account various factors that contribute to cloud costs, including the type and size of resources, the region in which they are deployed, and any associated data transfer costs.
- It provides cost breakdowns at a granular level. This enables organisations to identify the specific resources and regions that are contributing the most to their cloud costs.
Infracost Workflow
Here is a detailed, step-by-step workflow to successfully integrate Infracost into your project. By following these guidelines, you can effectively manage costs and optimise your resources for maximum cost efficiency.
- Developer creates a PR with new infrastructure code changes
- Automatically triggers a CI pipeline, Github Actions in our example
- Checkout PR's base branch; this is the branch the code will be merged into, most likely `main`
- Run `infracost breakdown` command to get resource level cost and save the `json` output locally.
- Checkout PR's compare branch, i.e. the feature branch where the infrastructure code changes have been made
- Run `infracost diff` command by passing the json file generated in step 4 as base file and save the cost difference output in another json file.
- Run `infracost output` command to generate `html` report from json diff file.
- Run `infracost comment github` command to add a comment in PR with cost difference details
Implementation Details
The code is available on GitHub.
Infracost Commands Explanation
infracost_breakdown
This command accepts an Infracost config and generates `json` output showing a breakdown of costs. It can also be used to generate a baseline.
infracost breakdown \ |
infracost_diff
Show diff of monthly costs between current branch and baseline.
infracost diff \ |
infracost_output
Output Infracost JSON files to html report.
infracost output \ |
infracost_comment
Post cost estimates to pull requests in GitHub. You can either update an existing comment, which means one comment per PR, or add a comment for each individual commit in the PR.
infracost comment github \ |
Continuous Integration - Github Actions
CI is achieved using GitHub Actions. It runs the following actions:
- Checkout base branch
- Run infracost_breakdown
- Checkout compare branch
- Run infracost_diff
- Run infracost_report to generate html report
- Execute infracost_command
Important: If you are currently utilising the default GITHUB_TOKEN in Github Actions, please be aware that it only has read access and is unable to write comments on pull requests. In order to enable this functionality, it is necessary to add the following permissions.
permissions: |
Policy Checks
Another crucial Infracost feature is the ability to add extra policies that are checked in the pull request. Example policies that can be set:
- PR’s base and compare branch difference must not be higher than $10
- AWS instance hourly cost must not exceed a threshold
- AWS instance's IOPS costs are above the base hourly cost of the instance
More information on policy can be found here.
package infracost |
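The first policy above (a PR may not raise the monthly cost by more than $10), written as a stand-alone gate over the JSON file saved from `infracost diff`. This is an added example, not the article's Rego policy or Infracost's own code; the field names (`diffTotalMonthlyCost`, `projects[].diff.resources[].monthlyCost`) are assumed from Infracost's JSON output, and the sample data is constructed.

```python
import json
from decimal import Decimal

# Constructed sample shaped like the JSON saved from `infracost diff`.
# Field names are assumptions; Infracost emits costs as decimal strings.
SAMPLE_DIFF = json.dumps({
    "currency": "USD",
    "pastTotalMonthlyCost": "142.35",
    "totalMonthlyCost": "215.79",
    "diffTotalMonthlyCost": "73.44",
    "projects": [{
        "name": "example/terraform",  # hypothetical project name
        "diff": {"resources": [
            {"name": "aws_instance.web", "monthlyCost": "70.08"},
            {"name": "aws_ebs_volume.data", "monthlyCost": "3.36"},
            {"name": "aws_s3_bucket.logs", "monthlyCost": None},
        ]},
    }],
})

def evaluate(diff_json, max_increase=Decimal("10")):
    """Return (passed, messages) for the '$10 per PR' policy."""
    data = json.loads(diff_json)
    raw = data.get("diffTotalMonthlyCost")
    if raw is None:
        # Fail closed: without a baseline comparison nothing can be approved.
        return False, ["diffTotalMonthlyCost missing: no baseline was compared"]
    delta = Decimal(raw)  # Decimal avoids float rounding right at the limit
    if delta <= max_increase:
        return True, [f"monthly change {delta} within limit {max_increase}"]
    messages = [f"monthly change {delta} exceeds limit {max_increase}"]
    changed = []
    for project in data.get("projects") or []:
        for res in (project.get("diff") or {}).get("resources") or []:
            cost = res.get("monthlyCost")
            if cost is not None:  # usage-based resources may carry no price
                changed.append((Decimal(cost), res["name"]))
    # List the most expensive changes first so reviewers see the cause.
    for cost, name in sorted(changed, reverse=True):
        messages.append(f"  {name}: {cost}")
    return False, messages

if __name__ == "__main__":
    ok, lines = evaluate(SAMPLE_DIFF)
    print("\n".join(lines))
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the CI step
```
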
The result of these policy checks can be seen in the PR.
Buildkite Pipeline
To ensure secure storage of Infracost API Key and Github Token, it is recommended to store them in AWS Secrets Manager.
To incorporate Infracost checks in the Buildkite pipeline, the following step can be added:
- label: ":terraform: Infracost Analysis"
Limitations
At the time of writing, Infracost has the following limitations:
- It only works with Terraform, and not with any other IaC tools such as CloudFormation or CDK. Here is the open issue list for new IaCs:
  - CDK: https://github.com/infracost/infracost/issues/1872
  - CloudFormation: https://github.com/infracost/infracost/issues/190
  - Serverless: https://github.com/infracost/infracost/issues/1921
  - Pulumi: https://github.com/infracost/infracost/issues/187
- While new resources are continuously being added with each version release, it's important to note that not all resources are currently supported. The list of all supported resources is available here.
- Infracost has a limited scope in terms of the number of supported cloud providers. It currently supports popular providers such as AWS, Azure, and Google Cloud. However, if your infrastructure is spread across different cloud providers or if you are using a provider that is not currently supported, Infracost may not be able to provide accurate cost estimates for your resources.
- Infracost only provides estimates for the cost of your infrastructure resources, such as compute instances and storage, etc. It does not include other costs such as data transfer fees or licensing costs for third-party software.
Conclusion
This blog post has illustrated how to effectively shift your cloud cost assessments left, giving your developers the ability to make financially informed decisions. This approach lets them see cost changes before they show up in the actual bill.
Always keep in mind that proactive measures in cloud cost management are more favourable than reactive ones. Therefore, it is wise to stay ahead and anticipate potential cost issues rather than responding to them after they have occurred.