Rules

Rules is a CCA feature that checks the resources used in the cloud, returning recommendations for optimizing the environment.

The rules are divided into two categories: Savings and Best Practices.

How to get to the Rules:

  1. In the CCA side feature menu, select Rules.

  1. Filters

On the home screen, you can search for available rules and filter by category.

  1. Reports

When you click on “Download report”, a .csv file is downloaded with details of all the rules.

  1. Rules

The CCA Rules are a set of recommendations based on the services available by the provider, and are divided into the two categories mentioned above.

For each rule, it is possible to view some information:

  • Monitored accounts: Lists the number of accounts that are being monitored for this recommendation.

  • Total resources found: Lists the number of resources that apply to the rule.

  • Total estimated savings: Estimated cost of savings with implementation of the recommendations.

Clicking on the rule name in blue opens a detailed breakdown of the rule, showing the following information:

  • Monitored accounts

  • Non-compliance resources

  • Total ignored resources found

  • Ignored resources cost

  • Total estimated savings

The system also allows you to filter by Account ID, Resource ID, or Region, as highlighted below:

As filters are applied, the data displayed in the rule’s overview panel may change.

Clicking on the option “Download report”, a .csv file is downloaded with details only for the selected rule.

Further down, the system presents some action options:

  • By clicking the ignore icon "" you can ignore the recommendation for that selected resource. The system will display a screen to you explain the reason why you want to ignore the resource.

By describing the reason and confirming the action, clicking the checkbox, the system will enable the button to complete the action:

  • In the icon next to " you can view details about the chosen resource such as resource information and Meta Data:

  1. Rule settings

Clicking on the "" gear, opens the rule configuration.

In the configuration, you can search for the customization you want to view.

By clicking on the "" key corresponding to the customization, it is possible to open the rule customizations, allowing you to disable the rule chosen in “Status”.

Default Setting:

In default setting, it is possible to have the configuration specified for each resource as:

  • Non-compliance after: Number of days after which the resource begins to be considered non-compliant. Example: Infrequent users: after 15 days, it is considered non-compliant.

  • Regions: The regions that will be listed are the regions that are being monitored.

By clicking the Edit option, you can configure the acceptable period for the resource to be considered out of compliance.

The system will prompt you to fill in the following fields:

  • Filter period operator: Select from the available options

    • Less than: When you want the number of days for the resource to be considered out of compliance to be less than the specified number.

    • Greater than: When you want the number of days for the resource to be considered out of compliance to be greater than the specified number.

  • Filter period days: Specify the number of days for the rule to be considered out of compliance.

By clicking the save button, the system will complete the rule compliance customization.

If this rule has no customization, the compliance value will be as per the default values.

It is possible to add new customizations to the rule.

Clicking Add opens the customization screen, where you will need to fill in the following information:

  • Filter kind: Select between the two existing filter types

    • Filter only the resources that match the filter

    • Filter only the resources that do not match the filter

  • Filter key: Enter the filter key that matches the tag

  • Enter the filter value: Enter the value you want to return in the filter

After inserting the customizations you want, just click save, and the customization will be added to the selected rule.

Rules of Savings

  1. Migration Intel to AMD VM: This rule identifies Azure Virtual Machines (VMs) currently using Intel-based VM sizes. Its goal is to help teams find VMs that are eligible for migration from Intel-based series to AMD-based series, enabling potential cost reduction and performance optimization, since AMD-based VMs often offer better price-performance ratios on Azure.

  2. Detached Disks: Identifies persistent disks on Azure that are not currently attached to any virtual machine and have remained unused for a configurable number of days. These disks may be incurring storage costs without providing operational value.

  3. SQL Database Without Connections: This rule performs a check to identify Azure SQL Databases that have shown no connection activity, no active queries, and no active sessions over a configurable time period. By querying Azure Monitor metrics, it determines which databases are potentially idle or unused, helping teams to reduce costs by decommissioning databases with no utilization.

  4. Unnecessary Snapshot: The rule is responsible for performing a check for unnecessary snapshots within an Azure account. Its goal is to identify snapshots that exceed the retention period defined by a compliance rule.

  5. NIC not associated with a VM: This rule identifies Azure Network Interfaces (NICs) that are not attached to any virtual machine (VM). Its goal is to detect orphaned NICs that remain in the subscription without being used by any compute resource. This helps teams optimize resource utilization and reduce unnecessary network infrastructure costs.

  6. Deallocated VM: This rule performs a check to identify Azure Virtual Machines (VMs) that are in a deallocated state and have attached data disks, and that have been in this state longer than the configured checker period. Its purpose is to help teams detect underutilized or forgotten VMs consuming storage costs due to attached disks, supporting cost optimization and resource cleanup.

  7. Redis Cache Without Key: This rule performs a check to identify Azure Redis Cache instances that do not contain any keys over a specified time period. By analyzing Redis metrics through Azure Monitor, it determines whether the total number of keys remains zero, indicating potentially unused or misconfigured cache instances. This helps teams optimize costs by identifying and decommissioning empty Redis instances.

  8. ALB Without Instance: This rule identifies Azure Load Balancers (ALBs) that do not have any associated backend instances. Its goal is to find load balancers that: Are not using the Basic SKU tier Do not have any backend address pools configured This helps identify unused or misconfigured load balancers, supporting cost optimization and infrastructure cleanup.

  9. Container Registry High Usage: This rule performs an excessive usage check on Azure Container Registry (ACR). Its goal is to identify registries that: Exceed the free storage limit of their assigned tier (SKU) Contain multiple old images (more than 5 per repository) Have multiple repositories with more than one image This enables the system to highlight opportunities for space optimization and removal of outdated images, aiming to reduce costs and improve the management of Docker image storage.

  10. Stopped VM: This rule performs a check to identify Azure Virtual Machines (VMs) that are in a stopped state (but not deallocated) and that have remained in this state longer than the configured checker period. It focuses only on VMs that still have attached data disks, helping teams identify unused but billable VMs that are incurring costs for storage and reserved resources, even when not running.

  11. Detached public IP: This rule identifies Azure Public IP Addresses that are not associated with any IP configuration or NAT Gateway. The goal is to detect orphaned Public IPs that are not in use, helping teams reduce unnecessary costs by releasing unused public IP resources.

  12. Low Use VM: This rule identifies Azure Virtual Machines (VMs) that are currently running but show consistently low CPU usage and low network output over a configurable time period. By querying Azure Monitor metrics, it determines which VMs are underutilized, helping teams to identify cost optimization opportunities by resizing, stopping, or decommissioning low-use VMs.

  13. Functions with High Error Rate: This rule identifies Azure Functions that are running on a Consumption Plan (Dynamic Tier) and have a high error rate (failures) over a defined period. It queries Application Insights metrics to calculate the percentage of failed executions per function and returns those exceeding the configured failure threshold, helping teams to identify unstable or failing serverless functions.

  14. Low Use IOPS Disks: Identifies Azure Premium V2 and Ultra disks with consistently low IOPS utilization over a configurable monitoring window. This check helps detect overprovisioned storage resources that are underutilized relative to their IOPS capacity. The checker retrieves read and write IOPS metrics using Azure Monitor, calculates the total IOPS used, and compares it against a predefined minimum utilization threshold (70 percent). Disks below this threshold are flagged for potential cost optimization.

Best Practice Rules

  1. Disk Migration To Premium V2: This rule identifies Azure Managed Disks that are already using Premium SKU but lack certain expected configurations (such as OS type or Hyper-V generation) and are distributed across availability zones. The main goal is to identify disks that may require migration or reconfiguration to align with infrastructure standards, particularly for performance optimization and high availability.

PreviousOverviewNextRightsizing

Last updated