This policy is no longer being updated. CPU and memory usage data can now be obtained from Azure resources without the need for Log Analytics. The Azure Rightsize Compute Instances policy now includes this functionality and is the recommended policy for getting recommendations for inefficient instance utilization.
This Policy Template uses performance metrics from Log Analytics from the last 30 days to identify underutilized instances and provides rightsizing recommendations. Once recommendations are generated, instances can be rightsized in an automated manner or after approval. This is meant to be run as a weekly policy.
- This policy identifies all instances reporting performance metrics to Log Analytics whose CPU or Memory utilization is below the thresholds set in the Average used memory percentage and Average used CPU percentage parameters. Once recommendations are generated, instances can be rightsized in an automated manner or after approval.
- The Exclusion Tag Key parameter is a string value. Supply the Tag Key only. Tag Values are not analyzed and therefore are not need. If the exclusion tag key is used on an Instance, that Instance is presumed to be exempt from this policy.
This policy has the following input parameters required when launching the policy.
- Average used memory percentage - Utilization below this percentage will raise an incident to tag the instance. Providing -1 will turn off this metric for consideration.
- Average used CPU percentage - Utilization below this percentage will raise an incident to tag the instance. Providing -1 will turn off this metric for consideration.
- Timespan - The timespan over which to query the data
- Exclusion Tag Key - An Azure-native instance tag to ignore instances that you don't want to consider for downsizing. Only supply the tag key
- Email addresses of the recipients you wish to notify - A list of email addresses to notify
- Automatic Actions - When this value is set, this policy will automatically take the selected action(s).
- Subscription Allowed List - Allowed Subscriptions, if empty, all subscriptions will be checked
- Log to CM Audit Entries - Boolean for whether or not to log any debugging information from actions to CM Audit Entries, this should be left set to No on Flexera EU
Please note that the "Automatic Actions" parameter contains a list of action(s) that can be performed on the resources. When it is selected, the policy will automatically execute the corresponding action on the data that failed the checks, post incident generation. Please leave it blank for manual action. For example, if a user selects the "Downsize Instances" action while applying the policy, all the resources that didn't satisfy the policy condition will be downsized.
- Sends an email notification
- Resize virtual machines after approval
Azure Service Principal (AKA Azure Active Directory Application) with the below mentioned role and permission are required in the target subscription.
Virtual Machines must have the Log Analytics/OMS Agent installed for sending performance metrics to a Azure Log Analytics workspace.
This policy uses credentials for connecting to the cloud -- in order to apply this policy you must have a credential registered in the system that is compatible with this policy. If there are no credentials listed when you apply the policy, please contact your cloud admin and ask them to register a credential that is compatible with this policy. The information below should be consulted when creating the credential.
For administrators creating and managing credentials to use with this policy, the following information is needed: Two provider tags needs to be created using the same credentials for running this policy.
Provider tag value to match this policy: azure_rm and azure_log
Required role and permission in the provider:
Role:
Permission:
- Azure Resource Manager
By default, this policy calculates utilization over a 30 days period.
To calculate over a different period of time, you can update the policy template.
Replace the 30 wherever you see query "timespan","P30D" with the new number of days you want to use.
This policy template does not incur any cloud costs.