Governance policies for Reserved Instances

Domain: cost

Name	Description
Reservation strategy for production workloads	After 1-2 months of production data, analyze Azure Advisor recommendations and purchase 1-year reservations for stable baseline compute. Use savings plans for flexible workloads
Tag-based reservation tracking	Tag reservation-eligible resources with ReservationEligible, ReservationTerm, and service-specific metadata for cost tracking

Description	Instead
Do not purchase reservations before production workloads are stable	Wait 1-2 months for usage data; use Azure Advisor reservation recommendations
Do not purchase 3-year reservations for new workloads	Start with 1-year reservations; upgrade to 3-year after confirming workload stability
Do not reserve compute for dev/POC environments	Use pay-as-you-go, serverless, burstable, and spot instances for dev/POC
Do not reserve more capacity than your measured baseline	Reserve the stable baseline; let autoscale/pay-as-you-go handle spikes

• Azure Reserved VM Instances
• Azure Savings Plans
• Cosmos DB reserved capacity
• SQL Database reserved capacity
• Azure Advisor cost recommendations

---

Check	Severity	Description
WAF-COST-RI-001	Recommended	Recommend Azure Reserved VM Instances for production workloads with stable, predictable compute usage over 12+ months
WAF-COST-RI-002	Recommended	Recommend Azure Savings Plans for compute when workloads may change VM size, region, or service type
WAF-COST-RI-003	Recommended	Recommend Cosmos DB reserved capacity for production workloads with predictable RU/s consumption
WAF-COST-RI-004	Recommended	Recommend SQL Database reserved capacity for production vCore databases with stable utilization

---

Recommend Azure Reserved VM Instances for production workloads with stable, predictable compute usage over 12+ months

Severity: Recommended
Rationale: 1-year reservations save 30-40% over pay-as-you-go; 3-year reservations save 55-65%. Only applicable to stable production workloads
Agents: cost-analyst, cloud-architect, project-manager

• Microsoft.Compute/virtualMachines
• Microsoft.Sql/servers/databases
• Microsoft.DocumentDB/databaseAccounts
• Microsoft.Web/sites
• Microsoft.ContainerService/managedClusters
• Microsoft.Cache/redis
• Microsoft.DBforPostgreSQL/flexibleServers

---

Recommend Azure Savings Plans for compute when workloads may change VM size, region, or service type

Severity: Recommended
Rationale: Savings Plans provide 15-25% savings with flexibility to change compute type, unlike reservations which are locked to a specific VM size and region
Agents: cost-analyst, cloud-architect, project-manager

• Microsoft.Compute/virtualMachines
• Microsoft.Sql/servers/databases
• Microsoft.DocumentDB/databaseAccounts
• Microsoft.Web/sites
• Microsoft.ContainerService/managedClusters
• Microsoft.Cache/redis
• Microsoft.DBforPostgreSQL/flexibleServers

---

Recommend Cosmos DB reserved capacity for production workloads with predictable RU/s consumption

Severity: Recommended
Rationale: Cosmos DB 1-year reserved capacity saves ~20% on provisioned throughput; 3-year saves ~30%. Only for provisioned (not serverless) accounts
Agents: cost-analyst, cloud-architect

• Microsoft.Compute/virtualMachines
• Microsoft.Sql/servers/databases
• Microsoft.DocumentDB/databaseAccounts
• Microsoft.Web/sites
• Microsoft.ContainerService/managedClusters
• Microsoft.Cache/redis
• Microsoft.DBforPostgreSQL/flexibleServers

---

Recommend SQL Database reserved capacity for production vCore databases with stable utilization

Severity: Recommended
Rationale: SQL reserved capacity saves ~30-40% on provisioned vCore compute (not serverless). Only for databases with consistent CPU usage
Agents: cost-analyst, cloud-architect

• Microsoft.Compute/virtualMachines
• Microsoft.Sql/servers/databases
• Microsoft.DocumentDB/databaseAccounts
• Microsoft.Web/sites
• Microsoft.ContainerService/managedClusters
• Microsoft.Cache/redis
• Microsoft.DBforPostgreSQL/flexibleServers

---