Quickly and easily apply budgets to manage your OCI spending

My previous post discussing how my team uses and cleans up compartments was well recieved and I got a bunch of Slacks and emails about it. And I figured if there was that much interest in one of the ways we manage our tenancy there would probably be interest in some of the other ways we keep things on the straight and narrow here.

Truth be told, we also got an email from accounting asking us to update the cost center we charge our usage back against. Which reminded me that we actually do do [heh] what we advise customers to do - insure that you have budgets and charge spending back to the right department. This is actually part of our Maturity Acceleration Program and is something checked by the CIS Compliance Checker script we wrote and use as part of that program. And it's highly recommended to have budgets to catch things like "crypto jacking" early (check out a recent post by Josh and Sean from our Field CISO team where they discuss this in detail).

But actually having automation around creating budgets isn't part of anything we've mentioned in a public-facing forum.

So it's time to change that!

First things first, is a quick overview of how we use compartments... We have a Compartment tree that looks (something) like this:

Obviously the names above aren't all real.

Team 1 is my peer team and Jack & Jane are fake names for some of the people in that team.

Team 2 is my team and we have a compartment for each person on the team - Alice & Bob (of crypto infamy), Chris (for me), and a bunch of other (real) people.

We have a "spend what you need" policy within our organization. We trust everyone to be responsible adults and nobody has violated that by (e.g.) mining bitcoin or something. But budgets help insure that if something bad were to happen we'd know about it quickly.

To keep an eye on my own spending I created this budget back in 2020:

In this case, the budget is $200 per month, and I have a couple of alerts setup - one when my actual spending hits 50% of my budget and one when my forecast spend hits my budget. If I get the first email before 1/2 way through the month I know something's wrong. The same thing applies if I get the second alert any time before the last few days of the month. This works for me but, again, we treat people like adults and they are free to setup alerts that work for them.

As another example, someone else on the team (who clearly isn't as frugal as me) has this as their budget:

I have no idea what s/he's spending $1500 a month on, nor do I know why they have an alert set at 70% of the $500 budget. But it works for them so who am I to judge?

The important thing is that each and every person who owns a compartment has a budget set on their compartment (actually the above shows someone using a child tenancy vs a compartment, but it's the same difference).

When we on board someone to the team they more or less automatically get an account and a compartment for them under the right Team compartment. Part of that automation (written in Python of course) includes this:

        b.createBudget(compartment_id,owner,manager)

where "owner" and "manager" are the new person's email address and their manager's email address respectively.

The code in the class that does the work looks like this:

    def createBudget(self, compartment_ocid, owner, manager):
        logger.info("Creating budget on compartment {} with owner {}".format(compartment_ocid, owner))

        logger.debug("Constructing budget")
        b = {
            "displayName": owner.rsplit("@")[0],
            "compartmentId": "ocid1.tenancy.oc1..XXXXXXX",
            # "targetType": "COMPARTMENT",
            "targets": [compartment_ocid],
            "amount": "300.00",
            # "resetPeriod": "MONTHLY"
        }
        logger.debug("Budget: {}".format( json.dumps(b) ))

        logger.debug("Sending request")
        b = self.budget_client.create_budget( b )

        if 200 == b.status:
            budget_id = b.data.id
            # that's a success
            logger.debug("Budget {} created. Creating alerts".format( budget_id ))

            rule1 =oci.budget.models.CreateAlertRuleDetails(
                type="FORECAST",
                threshold=100.0,
                threshold_type="PERCENTAGE",
                recipients=owner + "," + manager
            )
            create_alert_rule_response = \
                self.budget_client.create_alert_rule(
                budget_id=budget_id,
                create_alert_rule_details=rule1 )

            rule2 =oci.budget.models.CreateAlertRuleDetails(
                type="ACTUAL",
                threshold=100.0,
                threshold_type="PERCENTAGE",
                recipients=owner + "," + manager
            )

            create_alert_rule_response = \
                self.budget_client.create_alert_rule(
                budget_id=budget_id,
                create_alert_rule_details=rule2 )
        else:
            logger.error("Error creating budget! Please check manually")

That code does 3 things:

1. creates a $300 budget
2. sets an email aler to them and their manager when they hit a forecast of spending 100% of their budget
3. sets another alert when they hit an actual spend of 100% of their budget

And again, we allow everyone to change their budget. But this is what they start with. And by creating a budget up front we nudge people toward doing The Right Thing by default. vs getting a surprise at the end of the month with an email from Accounting asking us why we spent so much money this month on OCI services and could we please look into it ASAP.

Have questions about how we use our tenancy and how you can better use your's? Hit us up in all the usual places!