Tagging resources in Azure can be super useful for billing, organizing resources by department, or really just remembering what that one VM called
super-important-2153 actually does. That's a great start. However, you know what's even better? Tag enforcement. With this workflow, you can save money on your monthly Azure bill and enforce your tagging policy by deleting untagged VMs.
This workflow will first look for all Azure virtual machines in a Subscription (or optionally, resource group). Then, it will filter that list for the untagged virtual machines. Then, it waits for your approval. Finally, once approval has been granted, it will delete the untagged virtual machines. Nice!
Before you run this workflow, you will need the following:
- An Azure Subscription
- An Azure Service Principal with permissions to manage compute resources
- One or more running Azure Virtual Machines with no tags.
Configure the workflow
Follow these steps to configure the workflow. Doing this will enable Relay to connect to your Azure account.
You may see a warning that you are missing a required connection. This means you will need to add your Azure credentials as a Connection.
- Click Fill in missing connections or click Settings in the side nav.
- Find the Connection named
my-azure-accountand click the plus sign (+).
Fill out the form:
- Name - You can’t change this with the form. The name is supplied by the YAML. If you wanted to change it you would need to do so in the Code tab.
- Subscription ID - Enter your Azure Subscription ID
- Client ID - Enter your Azure Client ID associated with the service principal
- Tenant ID - Enter your Azure Tenant ID associated with the service principal
- Secret - Enter your Azure Secret associated with the service principal
TIP If you need help getting your Azure credentials, check out our blog post.
- Click Save
Run the workflow manually
Follow these steps to run this workflow.
Click Run workflow and wait for the workflow run page to appear.
Supply values for the parameters fields when the modal appears:
- dryRun -
trueif you dont want to actually delete the resources. Use this to test the workflow and ensure it is behaving as expected.
falseif you want the resources to be immediately deleted.
- dryRun -
WARNING! Be careful setting
false. Though the workflow comes with an approval step, once approved the resources will be terminated. Please use caution.
Run the workflow on a schedule
Follow these steps to run this workflow on a schedule:
- Un-comment out the included Trigger block in the workflow YAML. You can do this in the Code tab.
TIP: If you're using the Relay code editor, highlight the
triggerssection and type
⌘ + /(Mac) or
Ctrl + /(Windows) to uncomment.
# triggers: # - name: schedule # source: # type: schedule # schedule: '0 * * * *' # binding: # parameters: # dryRun: true
- Configure the
- Supply the run interval in cron format.
- Configure the following parameter bindings:
- Specify whether
dryRunshould be set to
- Specify whether
binding: parameters: dryRun: true
- Click Save changes