The suite of Steampipe mods includes a half-dozen that focus on cost control. These mods check for idle compute instances, unused volumes, stale backups, and more. Here we'll focus on AWS Thrifty, but all Thrifty mods follow the same pattern.
Install the plugin
If you haven't already installed and configured the corresponding plugin -- in this case, it's the AWS plugin -- then start by doing so.
To check multiple AWS accounts, use a connection aggregator to define an aggregate connection (e.g. aws_all) that combines single-account connections (e.g. aws_01, aws_02, etc). You can also use a region wildcard on the aggregated connection to run cost controls across all regions.
It's a good idea to check that Steampipe can access all your configured accounts. Here's a query to do that.
If you've configured four accounts, the query should return four rows.
Clone the mod
To run the benchmarks and controls provided by the AWS Thrifty mod, clone the repo and then visit its local copy.
The mod defines 41 controls grouped into these 15 benchmarks.
- CloudFront Checks
- CloudTrail Checks
- CloudWatch Checks
- Cost Explorer Checks
- DynamoDB Checks
- EBS Checks
- EC2 Checks
- ECS Checks
- ElastiCache Checks
- EMR Checks
- Lambda Checks
- Networking Checks
- RDS Checks
- Redshift Checks
- S3 Checks
Run a single control
Let's start with the first of the 9 EBS controls, Old EBS snapshots should be deleted. Here's a command to run just that one control on four AWS accounts.
The search-path-prefix argument ensures that the connection named aws_all will be the target of this control run.
Here's the console output.
The control finds that 6 of 8 snapshots are older than its default threshold of 90 days. What if your policy is to only flag snapshots older than 180 days? You can change the threshold. The above steampipe check command is equivalent to this expanded version.
Here's the same check with a threshold of 180 days.
Results are slightly different. With this policy in effect, only 5 of 8 snapshots cross the threshold.
How would you know that the variable ebs_snapshot_max_age exists? Visit the mod's variables page to see what's available, and to review the defaults.
Run a benchmark
The ebs_snapshot_max_age control is one of the 9 controls that comprise the EBS benchmark. You can run all 9 controls with a single command.
You can pass one or more variables to adjust the defaults.
You can read the whole report in the console, but when you're running many controls it's convenient to review the output in HTML or Markdown. This command displays the report in the console, renders it as Markdown, and saves that output to a file.
Run all the things!
You can run all 15 benchmarks with one command.
When you're generating this much data, it may make sense to export to CSV.
This command creates a CSV file with a name like all-20220329-181410.csv (because the command ran on March 29 at 4:15PM). If you want to track your progress as you tackle the issues surfaced in the report, you can run this command periodically to accumulate a series of CSV files.
How to analyze that series of CSV files? Use the CSV plugin to query them as SQL tables. To enable that, point the paths argument in your ~/steampipe/config/csv.spc file to the mod's repo.
Now you can track the stats over time as you make adjustments based on the report. How to chart those changing stats? Create a dashboard! That's easier, and more fun, than you might expect. Check out our tutorial to see how it's done.
If you have questions, head on over to our Slack workspace. It's full of friendly people who want to share their experiences and help you succeed with AWS Thrifty (or anything else Steampipe-related).
If you want to report a bug, suggest a new control, or contribute one of your own, the AWS Thrifty GitHub repo is waiting to hear from you. We love feedback, and we treasure contributions.
Meanwhile, happy hunting as you use AWS Thrifty to find ways to control resource costs!