How to require approvals for cloud infrastructure based on cost thresholds

March 26, 2024
10 min

Some of the most common challenges our users face involve balancing self service with cloud cost controls. 

Many teams are eager to unlock the speed of decentralized cloud access so users can provision and deploy the infrastructure they need on demand. 

However, anyone who’s been burned by oversized or otherwise excessively expensive cloud environments knows the risk. To prevent budget overruns, many revert to a centralized infrastructure process in which the IT and DevOps personnel who are familiar with cost optimization build and review environments to prevent wasted spend. 

But this centralization comes at the cost of the speed that the cloud promises. 

This is one of the use cases for our new approvals workflows. 

Quali’s Torque automatically orchestrates IaC, Kubernetes, and other infrastructure assets into repeatable templates for ready-to-run environments. 

This allows DevOps, IT, and other admins to set up role-based self-service access to infrastructure pre-configured to support their use cases without exceeding budgets. 

To allow our users to further customize this self-service approach, we recently rolled out the option for approvals for specific action with infrastructure. 

Approvals workflows trigger notifications within the collaboration, messaging, and IT service management tools our users rely on, including Slack, Microsoft Teams, and ServiceNow. 

Here’s an overview of the architecture to help show how it works: 

Examples of workflows based on cloud cost guidelines 

Some of our users have already embraced approval workflows as a measure to prevent unnecessary cloud costs. 

Here are a few examples: 

  • If the env cost is < $10/hour, approve automatically 
  • If the env cost is > $50/hour, deny automatically 
  • If the cost is in between, require manual approver/s 

While the numbers here are placeholders, the outcome is clear. The team decided that they 1.) don’t need to approve anything below a certain threshold, 2.) will never approve anything that is above a high-end threshold, and 3.) will want to know about attempts to deploy infrastructure that falls in a certain cost range. 

From here, the approver can review the environment to make sure the workload justifies the costs of the infrastructure allowed. And since infrastructure is delivered via repeatable templates, they can make changes to rightsize the cloud infrastructure so it falls under the threshold that requires approval. 

We made this update to recognize that not all environments are equal. Custom approvals is another way to enhance the value of self-service access to infrastructure while operationalizing cloud governance standards. 

Learn more about Quali’s Torque here.