We kicked off 2023 by doubling down on helping companies optimize cloud costs by assisting engineers directly in CI/CD workflows.
We started tracking cost savings from Guardrails. We also made Infracost run faster by only running on changed directories, caching modules, and running projects in parallel. On top of that, we made numerous bug fixes to make Terragrunt support more robust, and released support for single sign-on.
Cost savings from Guardrails
Guardrails help you control costs by monitoring pull requests and triggering actions when your centrally defined budget thresholds are exceeded. Once you define a cost-based or percentage-based threshold for the relevant repos, projects, and branches, you can specify actions including email, Slack or MS Teams notifications, or even commenting on or blocking pull requests.
Guardrails now show their cost savings, that is, the costs they prevented from being added to your cloud bill in the last 90 days. You can also see an audit trail of all pull requests that triggered a guardrail from the events page.
Faster Infracost runs
Engineers love fast CI/CD builds, so in January we made three major changes to make Infracost run even faster. Give it a try; you’ll feel the speed improvements!
1. Only run changed directories
Previously Infracost parsed all Terraform/Terragrunt directories even though most usually do not change in a given pull request. Now the Infracost GitHub App has an option to only run changed directories, which means it can post the cost-diff pull request comment very quickly (usually less than a minute). Contact us if you’d like to try this. Infracost Cloud stitches together the results of all directories in the dashboard to show team leads, managers and FinOps practitioners the whole repository costs.
The GitHub App works with GitHub.com, GitHub Enterprise Cloud and GitHub Enterprise Server and has two key benefits over manual CI/CD integrations:
- Infracost runs significantly faster as only changed folders are run based on the GitHub App events.
- You can add Infracost to multiple repos with one click, no need to install or update CLI versions.
Furthermore, if you use Infracost Cloud:
- The pull request status (e.g. open, closed, merged) and metadata such as labels, merged by, and approved by are included in the dashboard filters and reports.
- Guardrails and centralized cost policies work without you needing to make changes in your CI/CD pipelines.
2. Module cache
Companies often use public and private modules to enable sharing of infrastructure-as-code between projects in a mono repo; for example a repo could share an AWS RDS database module in dev, stage and production projects with different input variables for the database instance type. Previously, the Infracost CLI would have downloaded the RDS module three times, once per project.
The Infracost CLI now adds one .infracost folder at the working directory for a run, and not in the sub-project directories. This means that modules shared between projects are cached and not downloaded again for that run, thus making the CLI much faster for mono repos and Terragrunt projects.
3. Project parallelization
Previously, infracost breakdown --path . would have triggered an auto-detect function that discovered all projects in the given repo. These projects were then processed in serial. The Infracost CLI now processes the projects in parallel, again making the CLI much faster to run for mono repos and Terragrunt projects.
Infracost has supported Terragrunt natively for a long time. Last month we worked with a few enterprises that had large Terragrunt repos and made numerous bug fixes to make runs more robust. We highly recommend that Terragrunt users use the GitHub App, or upgrade to the latest CLI version, to pick up these fixes.
Single sign-on (SSO)
Infracost Cloud now supports SSO! We added docs for Azure Active Directory, Okta, and Google Workspace. Other SAML providers are also supported.
We also released many other improvements:
- Add support and fix bugs in the following cloud resources:
  - AWS: new ap-southeast-4 region, Lambda ARM architectures, Config rules
  - Azure: ZRS managed disks, SQL database, MS SQL, API management, Application Gateway v2
  - Google: Storage bucket
- Scope CLI run errors by project, so that multi-project runs no longer fail at the first error. Instead, they report aggregated errors at the end of the run.
- Add retry logic for downloading variables and registry modules from Terraform Cloud and GitLab.
- Add retry logic for failed Cloud Pricing API lookups.
- Ignore variables marked as sensitive, and well-known variable names such as “api_key” or “password”, from CLI missing-variable warnings.
- infracost diff to show skipped resources.
- Add support for absolute file paths for Terraform variable files, offering greater flexibility for projects and helping users with a top-level global variable file directory.
- Improve the macOS/Linux installer script to allow downloading any version.
New YouTube demo
Hassan, my co-founder, recorded a new YouTube demo showing how Infracost Cloud builds on top of Infracost open source and gives team leads, managers and FinOps practitioners dashboards, guardrails and centralized cost policies so they can save money (e.g. switch AWS GP2 volumes to GP3).
I also gave a talk at the DevOps Belfast Meetup about how Cloud Pricing Is Too Damn Complicated!