Azure Unused SQL Databases

Deprecated

This policy is no longer being updated. The Azure Rightsize SQL Databases policy now includes this functionality and is the recommended policy for getting unused SQL recommendations.

What It Does

This Policy template checks for unused Azure SQL Databases by reviewing their DB connections and deletes them after user approval.

Prerequisites

This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).

  • Azure Resource Manager Credential (provider=azure_rm) which has the following permissions:
    • Microsoft.Sql/servers/databases/read
    • Microsoft.Sql/servers/databases/metrics/read
    • Microsoft.Insights/metrics/read
    • Microsoft.Sql/servers/databases/delete*

* Only required for taking action; the policy will still function in a read-only capacity without these permissions.

  • Flexera Credential (provider=flexera) which has the following roles:
    • billing_center_viewer

The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.

How It Works

This policy gets a list of Azure SQL Databases and uses the DB Connection metric to check for successful connections over a 30-day period. If there are no successful DB connections, the policy terminates the SQL databases after user approval.

Policy Savings Details

The policy includes the estimated savings, which are realized if the resource is terminated. Optima is used to retrieve the estimated savings, calculated as the most recent full day's cost of the resource * 30. The savings are displayed in the Estimated Monthly Savings column. If the resource cannot be found in Optima, the value is 0.0. The incident message detail includes the sum of each resource's Estimated Monthly Savings as Total Estimated Monthly Savings. If the user is missing the minimum required role of billing_center_viewer, or if there is not enough data received from Optima to calculate savings, an appropriate message is displayed in the incident detail message and the Estimated Monthly Savings column value is shown as 0.0 in the incident table.

Input Parameters

This policy has the following input parameters required when launching the policy.

  • Email addresses to notify - Email addresses of the recipients you wish to notify when new incidents are created
  • Exclusion Tag Key - Azure-native SQL Database tag key to ignore databases. Only supply the tag key. The policy assumes that the tag value is irrelevant.
  • Azure Endpoint - Azure Endpoint to access resources
  • Subscription Allowed List - Allowed subscriptions; if empty, all subscriptions will be checked
  • Automatic Actions - When this value is set, this policy will automatically take the selected action(s).

Please note that the "Automatic Actions" parameter contains a list of action(s) that can be performed on the resources. When an action is selected, the policy will automatically execute it on the data that failed the checks, after the incident is generated. Please leave it blank for manual action. For example, if a user selects the "Terminate Instances" action while applying the policy, all the instances that didn't satisfy the policy condition will be terminated.
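The selection rules from "How It Works", "Policy Savings Details" and the Exclusion Tag Key and Subscription Allowed List parameters, worked through as an added example (not the policy template's own code). The record field names and sample databases are constructed, and skipping databases with fewer than 30 daily metric points is a choice of this example so that missing data is never read as "unused" before a delete.

```javascript
// Added illustration, not the policy template's code. Field names
// (subscriptionId, tags, dailyConnections, lastFullDayCost) are assumed.
const LOOKBACK_DAYS = 30;

function findUnusedDatabases(databases, opts) {
  const { exclusionTagKey = "", subscriptionAllowList = [] } = opts;
  const rows = [];
  for (const db of databases) {
    // An empty allow list means every subscription is checked.
    if (subscriptionAllowList.length > 0 &&
        !subscriptionAllowList.includes(db.subscriptionId)) continue;
    // Only the tag key matters; the tag value is ignored.
    const tags = db.tags || {};
    if (exclusionTagKey &&
        Object.prototype.hasOwnProperty.call(tags, exclusionTagKey)) continue;
    // Example's choice: an incomplete metric window is not proof of disuse.
    const recent = (db.dailyConnections || []).slice(-LOOKBACK_DAYS);
    if (recent.length < LOOKBACK_DAYS) continue;
    // Any successful connection in the window means the database is in use.
    if (recent.reduce((sum, n) => sum + n, 0) > 0) continue;
    // Savings = most recent full day's cost * 30, or 0.0 when cost is unknown.
    const cost = typeof db.lastFullDayCost === "number" ? db.lastFullDayCost : 0.0;
    rows.push({ id: db.id, estimatedMonthlySavings: cost * 30 });
  }
  const totalSavings = rows.reduce((s, r) => s + r.estimatedMonthlySavings, 0);
  return { rows, totalSavings };
}

// Constructed sample data: daily successful-connection counts, oldest first.
const zeros = Array(LOOKBACK_DAYS).fill(0);
const SAMPLE = [
  { id: "db-idle", subscriptionId: "sub-a", tags: {}, dailyConnections: zeros, lastFullDayCost: 1.5 },
  { id: "db-busy", subscriptionId: "sub-a", tags: {}, dailyConnections: zeros.slice(0, 29).concat([4]), lastFullDayCost: 2 },
  { id: "db-tagged", subscriptionId: "sub-a", tags: { keep: "" }, dailyConnections: zeros, lastFullDayCost: 3 },
  { id: "db-new", subscriptionId: "sub-a", tags: {}, dailyConnections: zeros.slice(0, 5), lastFullDayCost: 1 },
  { id: "db-nocost", subscriptionId: "sub-a", tags: {}, dailyConnections: zeros },
  { id: "db-other", subscriptionId: "sub-b", tags: {}, dailyConnections: zeros, lastFullDayCost: 9 },
];

const REPORT = findUnusedDatabases(SAMPLE, {
  exclusionTagKey: "keep",
  subscriptionAllowList: ["sub-a"],
});
console.log(JSON.stringify(REPORT, null, 2));
```

Reviewing the returned rows before granting the credential Microsoft.Sql/servers/databases/delete keeps the first runs read-only, as the prerequisites allow.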

Actions

  • Sends an email notification
  • Deletes unused SQL Databases after approval

Supported Clouds

  • Azure

Cost

This policy does not incur any cloud costs.