Cloud Cost Policies With Open Policy Agent And Sentinel

ByHassan Khajeh Hosseini Posted on

Today, we are excited to release an integration between Infracost and Open Policy Agent (OPA), HashiCorp Sentinel and Conftest. This enables DevOps teams to set policies on cost estimates before resources are launched.

Today, we are excited to release an integration between Infracost and Open Policy Agent (OPA), HashiCorp Sentinel and Conftest. This enables DevOps teams to set policies on cost estimates before resources are launched. For example, you can write three policies to provide guardrails: if the changes to Terraform increase the total cost more than 15%, or the instance cost per hour increases more than $2/hour or if the IOPS cost more than the instances, then the change needs to be approved by the team lead.

This feature is a great addition to your developer workflow. It enables self-service of infrastructure for your team and the wider engineering organization by creating the guardrails needed to stay within an acceptable cloud infrastructure budget. Everyone wants to make the right choice, but it’s hard to choose between services without cost information. As one of our users put it: if you tell the team we need to get from point A to B, then offer them a Ford or a Ferrari with no price tag, guess what? Most people will choose the Ferrari.

Many companies have been using after-the-fact alerts and cloud cost management reports from their cloud providers and 3rd parties, but ask any engineer and they will tell you that it is distracting, hard and time-consuming to retro fix infrastructure after something has gone to production. You need to catch costly components earlier in the process, ideally in Continuous Integration / Continuous Delivery (CI/CD) as part of the code review process.

Infracost is an open source project which sits in the CI/CD pipeline and combined with policy engines can provide these guardrails at the right time, directly in the developer workflow. Here is an end to end demo of the Infracost and Open Policy Agent integration:

You can get this up and running using our policy example in less than 15 mins, start here: Infracost Docs

This capability is also live in our partner products: Env0SpaceLiftScalr;

Hassan has worked in cloud costs for over 10 years. He was the co-founder of one of the first cloud cost management products in 2011, which was acquired and is now part of the Flexera cloud cost management product.
He is a co-founder and CEO of Infracost - focusing on shifting cloud costs / FinOps left into developer workflows.

Similar Posts

Cloud cost alerts are too late: trigger notifications before launching

Cloud cost alerts are too late: trigger notifications before launching

Most cloud providers enable users to set budget alerts on their actual cloud spend. This is a critical safety net as usage-based resources could incur a lot of cost (e.g. data transfer). There is also another safety net that companies should set up, and that is catching significant cost changes to their infrastructure before going…

Cloud Costs Are Shifting Left

Cloud Costs Are Shifting Left

“Shift left” has become a popular buzzword for both Software Engineering and DevOps. It means introducing processes earlier in the software development cycle. The “shift left” principle started with testing. In a traditional waterfall model testing is performed just before release. Shift left testing started it earlier by introducing practices such as Test-Driven Development (TDD)…

How Eagle.io Achieves Cloud Cost Attribution For Their Multi-Tenant SaaS

How Eagle.io Achieves Cloud Cost Attribution For Their Multi-Tenant SaaS

I sat down with David Julia, who is the Head of Engineering at Eagle.io to talk about cost attribution, why it matters, who should care and how Eagle.io achieves this. We worked through their use-case, their tech stack, the tools they use, what worked and what did not work, and ultimately how they have achieved cloud cost attribution….