Azure Cost Question - how to control.

Question

Hello - okay, so I am running through the various Learning Paths and Modules and am about 50% or so through the Azure Fundamentals.
I have created the resource groups, storage spaces, workspaces, private links, network gateways, firewalls, DNS zones, Key Vaults, LogAnalytics, Security Infrastructure, etc... as far as I have been able to and it seems solid to the point of being operational. I have not yet uploaded the data tables, or conformed them to migrate. Secure Score is high 90's, Compliance Score is high 80's, and a several different templates have been deployed from a variety of templates (HIPAA, CMS, HITECH, Privacy Acts, etc...) because of the industry standards. Sentinel has been deployed, Network Watchers, etc...

I set up an initial budget alert of $50 and $100 per month to eyeball the framework and see what and where the cost influences would be.....yes, that is a low amount considering, but again, I just want to eyeball the framework, with no data bases or tables inserted yet, to see what activity there is.

Initially, it was tracking $0.04 per month, $0.09, $0.18, then started moving a little more, but not much, when I started to construct the flows. I think it got to around $4/month.

Then, it appears it was a DDOS Protection flow I deployed, and it was in the Security resource group, where my costs just went straight up. Before I started troubleshooting, it had gone from the $4/month cost forecast, to around $8k/month....within around 2 days.

I have a strong understanding it is in the DDoS Protection area. And there were approximately 30 or so DNS that I had uploaded at that point.

My question is - how should I efficiently narrow in on the area where this "moonshot" in cost has been? If it is the DDoS Protection area, any guidance regarding what I can/should look at in order to curtail this, maybe with a switch type function, before anything is even loaded? Maybe throttle whatever it is?

Also - adding this in, and not sure how relevant it would be.
I did check the Azure Advisor, and there were no recommendations at all....I thought that was interesting, but then again, maybe not, partly because the migration of data had not yet been deployed.

Thank you so much.....very much appreciated.

Answer 1

Hello @jaggermaren ,
Thank you for reaching out and apologies for the delayed response here.

Based on your questions above.

My question is - how should I efficiently narrow in on the area where this "moonshot" in cost has been?

You go through the Cost analysis section in Azure Portal to check which resource is charging you the most. The section is located in Cost Management + Billing > Cost Management > Cost analysis where you can view forecasted costs for a single service. You can follow this documentation here.

If you have any specific questions related to Billing. Azure provides Billing and subscription management support to all customers. You can raise a free ticket here.

If it is the DDoS Protection area, any guidance regarding what I can/should look at in order to curtail this, maybe with a switch type function, before anything is even loaded? Maybe throttle whatever it is?

This surge in cost might be due to Azure DDOS Protection standard as it has a charge of $2,944/month. If you don't intend to use this DDoS protection plan, you should remove resources related to it to avoid unnecessary charges. In order to delete a DDoS protection plan, you must first dissociate all virtual networks from it. You can search for DDOS Protection plans in the Azure portal to locate this plan.

If you wish to have DDoS protection plan in the later stage when your resources are ready, you can enable your DDOS protection plan on an existing Virtual Network.

If it helps you can also take a look at the new DDoS IP Protection SKU, Pricing for this SKU will go into effect on November 1, 2022.

Hope this helps! Please let us know if you have any additional questions. Thank you!