How prebuilt functions make enforcing budgets easier

Controlling costs is one of the top concerns of most businesses. The cloud has resulted in seismic shifts in the economic model for IT infrastructure expenditure. The decentralized nature of the cloud has made it easy for businesses to scale rapidly and, as an unfortunate side effect, made them increasingly susceptible to exceeded budgets and runaway costs. This problem is so prevalent that it has resulted in the birth of the financial DevOps, or FinOps, movement.

The FinOps maturity model identifies automated controls and solutions as one of the key cornerstones of an organization’s implementation of the FinOps framework. One of my previous blog posts illustrated how Oracle Cloud Infrastructure (OCI) helps you implement automated controls by enforcing budgets using quotas and functions. This implementation required users to be knowledgeable in creating a function and all the supporting components to make it work.

Announcing the launch of prebuilt functions to significantly reduce this friction. Prebuilt functions offer the power of automation of the OCI Functions service to all OCI users without having to write, build, and maintain any code. This new capability provides ready-to-use functions that you can use to run various cloud operations.

You don’t need to write any code or maintain it. You can simply discover a prebuilt function, configure it, and deploy it to OCI Functions with a single click or by API if you prefer. Predefined triggers invoke this function based on an event or an API request to run a specific task or action for which it is built. One of the prebuilt functions available to you is the zero-quota policy creator that you can trigger using a budget to prevent the creation of other resources when a spending threshold has been breached.

This blog walks you through the simple three-step recipe for creating enforced budgets.

Create your budget and alert

You can access budgets from the Cost Management section under Billing & Cost Management in the Oracle Cloud Console. Click the Create Budget button and follow the instructions to create a budget and an alert on the budget. Budgets follow a monthly cadence, and you can set them to begin on a day of the month that best fits your business needs.

Copy the OCID of the budget that you create because you need it for creating an Events service rule later. You can get this information by clicking the budget on the Budgets page and selecting the Copy link next to the OCID.

Deploy the prebuilt function

You can deploy the zero-quota policy creator prebuilt function from the Pre-Built Functions page under Developer Services and Functions. Select the specific prebuilt functions from the catalog displayed on this page.

This selection navigates you to the details page of the prebuilt functions. Click the Create function button on this page.

A side panel opens for you to fill out more details. You can associate the function you’re creating with an existing application or create one from this panel. This window also gives you the opportunity to automatically create the Identity and Access Management (IAM) policies you need for this function to work. Click the Create button.

Create a rule

Events are structured messages the services emit on state changes that you can use to trigger automation. You can access Events rules under Observability & Management, Events Service, and selecting Rules in the Console. A rule is a combination of conditions and actions. You can set conditions at an event type, attribute, or a filter tag.

To add conditions to match the event type TriggeredAlert, create the condition from the service name budget. Attribute the budgetId matching the OCID that you copied in the first step. To add actions, set the action type to Functions and select the name of the function that you want to trigger.

Result

When the budget alert is triggered, you can see a quota policy under Governance & Administration, Tenancy Management, and Quota Policies in the Console. The quota policy resource is prefixed with BUDGETS_ZERO_QUOTA.

The details of the quota policy show the zero-quota policy statements scoped against the target compartment of the budget that triggered the prebuilt function.

As a result of this policy, you can prevent the creation of resources in the target compartment. Anyone who tries to create resources after crossing the budget can’t and sees a message notifying them that the compartment quota was exceeded.

Try it yourself

Controlling costs of their cloud infrastructure is one of the top concerns of most businesses. You can use this simple recipe to implement strict controls on your budgets in your OCI environment and achieve automated and proactive cost governance. Use the easy-to-implement prebuilt functions to further mature in your FinOps journey.

For more best practices, solution playbooks, and cross-product reference architectures, visit our reference architecture center. Share your feedback in the comments and let us know how we can continue to improve your experience on Oracle Cloud Infrastructure.