Governance Policies Cost Sku Selection - Azure/az-prototype GitHub Wiki
Governance policies for SKU Selection
Domain: cost
| Name | Description |
|---|---|
| Environment-tiered SKU selection | Select SKUs based on environment: dev/POC uses lowest viable tier, production uses appropriate performance tier with redundancy |
| Description | Instead |
|---|---|
| Do not use the same SKU for dev and production environments | Use tiered SKU selection — burstable/basic/consumption for dev, standard/premium for production |
| Do not select SKUs based solely on feature availability | Balance features against cost — many premium features are unnecessary for POC validation |
| Do not use Classic or deprecated resource types | Use current-generation resource types (StorageV2, Gen5 SQL, Flexible PostgreSQL) |
- Azure pricing calculator
- App Service pricing
- Azure SQL Database pricing
- Cosmos DB pricing
- Azure Cache for Redis pricing
| Check | Severity | Description |
|---|---|---|
| WAF-COST-SKU-001 | Required | Select appropriate compute SKU based on environment tier — B-series for dev/POC, D-series for production |
| WAF-COST-SKU-002 | Required | Select appropriate database SKU based on environment tier — serverless/burstable for dev, provisioned/GP for production |
| WAF-COST-SKU-003 | Required | Select appropriate storage redundancy — LRS for dev/POC, GRS or ZRS for production; use tiered access (Hot/Cool/Archive) |
| WAF-COST-SKU-004 | Required | Select appropriate networking SKU — Basic for dev/POC, Standard for production |
| WAF-COST-SKU-005 | Required | Select appropriate cache SKU — Basic C0 for dev/POC, Standard C1+ for staging, Premium for production clustering |
WAF-COST-SKU-001: Select appropriate compute SKU based on environment tier — B-series for dev/POC, D-series for production
Severity: Required
Rationale: Compute is typically the largest cost driver; right-sizing by environment prevents overspending on dev while ensuring production performance
Agents: terraform-agent, bicep-agent, cloud-architect, cost-analyst
- Microsoft.Web/sites
- Microsoft.App/containerApps
- Microsoft.Compute/virtualMachines
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Web/serverfarms
- Microsoft.App/managedEnvironments
- Microsoft.Compute/virtualMachines
- Microsoft.Network/loadBalancers
- Microsoft.Network/frontDoors
- Microsoft.Network/virtualNetworkGateways
- Microsoft.Cache/redis
WAF-COST-SKU-002: Select appropriate database SKU based on environment tier — serverless/burstable for dev, provisioned/GP for production
Severity: Required
Rationale: Database costs can exceed compute; serverless and burstable tiers eliminate idle costs in dev
Agents: terraform-agent, bicep-agent, cloud-architect, cost-analyst
- Microsoft.Web/sites
- Microsoft.App/containerApps
- Microsoft.Compute/virtualMachines
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Network/loadBalancers
- Microsoft.Network/frontDoors
- Microsoft.Network/virtualNetworkGateways
- Microsoft.Cache/redis
WAF-COST-SKU-003: Select appropriate storage redundancy — LRS for dev/POC, GRS or ZRS for production; use tiered access (Hot/Cool/Archive)
Severity: Required
Rationale: Storage redundancy costs scale linearly; LRS is 2-3x cheaper than GRS. Access tiers reduce costs for infrequently accessed data
Agents: terraform-agent, bicep-agent, cloud-architect, cost-analyst
- Microsoft.Web/sites
- Microsoft.App/containerApps
- Microsoft.Compute/virtualMachines
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Storage/storageAccounts
- Microsoft.Network/loadBalancers
- Microsoft.Network/frontDoors
- Microsoft.Network/virtualNetworkGateways
- Microsoft.Cache/redis
WAF-COST-SKU-004: Select appropriate networking SKU — Basic for dev/POC, Standard for production
Severity: Required
Rationale: Networking services vary significantly in cost by tier; Basic SKUs are sufficient for development
Agents: terraform-agent, bicep-agent, cloud-architect, cost-analyst
- Microsoft.Web/sites
- Microsoft.App/containerApps
- Microsoft.Compute/virtualMachines
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Network/loadBalancers
- Microsoft.Cdn/profiles
- Microsoft.Network/virtualNetworkGateways
- Microsoft.Network/loadBalancers
- Microsoft.Network/frontDoors
- Microsoft.Network/virtualNetworkGateways
- Microsoft.Cache/redis
WAF-COST-SKU-005: Select appropriate cache SKU — Basic C0 for dev/POC, Standard C1+ for staging, Premium for production clustering
Severity: Required
Rationale: Redis cache pricing varies 10x between tiers; Basic is sufficient for development caching scenarios
Agents: terraform-agent, bicep-agent, cloud-architect, cost-analyst
- Microsoft.Web/sites
- Microsoft.App/containerApps
- Microsoft.Compute/virtualMachines
- Microsoft.Sql/servers/databases
- Microsoft.DocumentDB/databaseAccounts
- Microsoft.DBforPostgreSQL/flexibleServers
- Microsoft.Cache/redis
- Microsoft.Network/loadBalancers
- Microsoft.Network/frontDoors
- Microsoft.Network/virtualNetworkGateways