Virtual Machines

Filters

• Standard Value Filter (see Generic Filters)

• Arm Filters (see Generic Filters)

  • Metric Filter - Filter on metrics from Azure Monitor - (see Virtual Machine Supported Metrics)

  • Tag Filter - Filter on tag presence and/or values

  • Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource

• instance-view Filter based on VM attributes in instance view, such as power state.

  properties:
    default:
      type: object
    key:
      type: string
    op:
      enum:
      - eq
      - equal
      - ne
      - not-equal
      - gt
      - greater-than
      - ge
      - gte
      - le
      - lte
      - lt
      - less-than
      - glob
      - regex
      - regex-case
      - in
      - ni
      - not-in
      - contains
      - difference
      - intersect
    type:
      enum:
      - instance-view
    value:
      oneOf:
      - type: array
      - type: string
      - type: boolean
      - type: number
      - type: 'null'
    value_from:
      additionalProperties: 'False'
      properties:
        expr:
          oneOf:
          - type: integer
          - type: string
        format:
          enum:
          - csv
          - json
          - txt
          - csv2dict
        url:
          type: string
      required:
      - url
      type: object
    value_regex:
      type: string
    value_type:
      enum:
      - age
      - integer
      - expiration
      - normalize
      - size
      - cidr
      - cidr_size
      - swap
      - resource_count
      - expr
      - unique_size
      - date
  required:
  - type
  

• metric Filter based on metrics from Azure Monitor, such as CPU usage.

  properties:
    aggregation:
      enum:
      - total
      - average
    filter:
      type: string
    interval:
      enum:
      - PT1M
      - PT5M
      - PT15M
      - PT30M
      - PT1H
      - PT6H
      - PT12H
      - P1D
    metric:
      type: string
    no_data_action:
      enum:
      - include
      - exclude
    op:
      enum:
      - eq
      - equal
      - ne
      - not-equal
      - gt
      - greater-than
      - ge
      - gte
      - le
      - lte
      - lt
      - less-than
    threshold:
      type: number
    timeframe:
      type: number
    type:
      enum:
      - metric
  required:
  - type
  - metric
  - op
  - threshold
  

• network-interface Filter based on properties of the network interfaces associated with the virtual machine.

  properties:
    default:
      type: object
    key:
      type: string
    op:
      enum:
      - eq
      - equal
      - ne
      - not-equal
      - gt
      - greater-than
      - ge
      - gte
      - le
      - lte
      - lt
      - less-than
      - glob
      - regex
      - regex-case
      - in
      - ni
      - not-in
      - contains
      - difference
      - intersect
    type:
      enum:
      - network-interface
    value:
      oneOf:
      - type: array
      - type: string
      - type: boolean
      - type: number
      - type: 'null'
    value_from:
      additionalProperties: 'False'
      properties:
        expr:
          oneOf:
          - type: integer
          - type: string
        format:
          enum:
          - csv
          - json
          - txt
          - csv2dict
        url:
          type: string
      required:
      - url
      type: object
    value_regex:
      type: string
    value_type:
      enum:
      - age
      - integer
      - expiration
      - normalize
      - size
      - cidr
      - cidr_size
      - swap
      - resource_count
      - expr
      - unique_size
      - date
  required:
  - type
  

• off-hours and on-hours Filter based on on-hour and off-hour configurations (see Example offhours policy)

Actions

• start Start the VMs

  properties:
    type:
      enum:
      - start
  required:
  - type
  

• poweroff Stop the VMs

  properties:
    type:
      enum:
      - poweroff
  required:
  - type
  

• stop Stop the VMs and deallocate resources

  properties:
    type:
      enum:
      - stop
  required:
  - type
  

• restart Restart the VMs

  properties:
    type:
      enum:
      - restart
  required:
  - type
  

Example Policies

Stop all running VMs

policies:
  - name: stop-running-vms
    resource: azure.vm
    filters:
      - type: instance-view
        key: statuses[].code
        op: in
        value_type: swap
        value: PowerState/running
    actions:
      - type: stop

Start all VMs

policies:
  - name: start-vms
    resource: azure.vm
    actions:
      - type: start

Restart all VMs

policies:
  - name: start-vms
    resource: azure.vm
    actions:
      - type: restart

Delete specific VM by name

policies:
  - name: stop-running-vms
    resource: azure.vm
    filters:
      - type: value
        key: name
        op: eq
        value_type: normalize
        value: fake_vm_name
    actions:
      - type: delete

Find all VMs with a Public IP address

policies:
  - name: vms-with-public-ip
    resource: azure.vm
    filters:
      - type: network-interface
        key: 'properties.ipConfigurations[].properties.publicIPAddress.id'
        value: not-null

This policy will find all VMs that have Percentage CPU usage >= 75% over the last 72 hours

policies:
  - name: busy-vms
    resource: azure.vm
    filters:
      - type: metric
        metric: Percentage CPU
        op: ge
        aggregation: average
        threshold: 75
        timeframe: 72

This policy will find all VMs that have Percentage CPU usage <= 1% over the last 72 hours, mark for deletion in 7 days

policies:
  - name: delete-unused-vms
    resource: azure.vm
    filters:
      - type: metric
        metric: Percentage CPU
        op: le
        aggregation: average
        threshold: 1
        timeframe: 72
     actions:
      - type: mark-for-op
        op: delete
        days: 7