Azure Dev/Test Cost Chef – Comprehensive Resource Auditor
Multi-course audit of Azure dev/test environments with 7 different optimization checks — no enterprise complexity, just results.
Table of Contents
- Introduction
- Why Comprehensive Auditing
- Audit Categories Overview
- Cost Optimization Audits
- Governance & Security Audits
- Prerequisites & Setup
- Script Parameters
- Usage Examples
- Basic Usage
- Advanced Usage
- Report Outputs
- CSV Exports
- HTML Reports
- Optimization Impact
- Implementation Roadmap
- Troubleshooting
- Download & Installation
Introduction
The Azure Dev/Test Cost Chef is your comprehensive kitchen inspector for Azure dev/test environments 🍳🔍 This PowerShell recipe scans your Azure subscription for resources tagged as dev/test and serves up a multi-course report highlighting 7 different categories of cost optimizations, security issues, and governance gaps.
Forget the enterprise stew of complex dashboards and premium monitoring tools. This script uses Azure's native APIs directly — simple, powerful, and lean enough for any small team, startup, or savvy FinOps operation. Perfect for chefs who want comprehensive insights without cloud complexity. Just run, audit, and optimize. 🚀💰
Cost Optimization Focus
Identifies premium SKUs, oversized VMs, and orphaned resources that are burning budget unnecessarily.
Security & Governance
Flags permissive security groups, missing automation tags, and expired resource groups.
Why Comprehensive Auditing
Dev/test environments are notorious cost and security black holes. This comprehensive auditing approach provides:
40-60% Cost Reduction
Most organizations can cut dev/test costs in half by implementing the recommendations from this comprehensive audit.
Security Posture
Identify overly permissive network security groups and missing governance controls before they become problems.
Operational Hygiene
Establish proper tagging, automation, and lifecycle management practices across all dev/test resources.
Unlike simple cost monitoring tools, this script provides actionable insights across multiple dimensions: cost optimization, security hardening, and governance compliance. It's designed for teams who want to mature their dev/test operations holistically.
Audit Categories Overview
The Azure Dev/Test Cost Chef performs 7 different audit categories, organized into two main areas:
Cost Optimization Audits
1. Premium SKU Detection
Identifies PaaS services running on premium tiers unnecessarily:
- App Service Premium plans (P1V2, P2V2, P3V2, P1V3, P2V3, P3V3)
- SQL Database Premium tiers (P1, P2, P4, P6, P11, P15)
- Premium Storage accounts and Redis Cache
- Premium Service Bus and Event Hub namespaces
2. Oversized VMs
Detects VMs with SKUs too large for dev/test workloads:
- D8s_v3+ series (8+ cores)
- F8s_v2+ series (8+ cores)
- E8s_v3+ series (8+ cores)
- Legacy DS13+, GS3+ series
3. Orphaned Disks
Finds unattached managed disks accumulating storage costs with size and SKU details.
4. Unused Public IPs
Identifies public IP addresses not attached to any resource ($5-15/month each).
Governance & Security Audits
5. Missing Automation Tags
VMs without AutoShutdown, Schedule, or StopStart tags for cost control.
6. Permissive NSGs
Network Security Groups allowing broad inbound access (0.0.0.0/0) on critical ports.
7. Expiration Management
Resource groups missing ExpirationDate, TTL, or DeleteAfter tags for lifecycle management.
Prerequisites & Setup
Before running the Azure Dev/Test Cost Chef, ensure you have the required PowerShell modules and permissions:
Install the following Azure PowerShell modules:
# Install required Azure PowerShell modules
Install-Module -Name Az.Accounts -Force
Install-Module -Name Az.Resources -Force
Install-Module -Name Az.Compute -Force
Install-Module -Name Az.Network -Force
# Connect to Azure
Connect-AzAccount| Permission | Scope | Purpose |
|---|---|---|
| Reader | Subscription | Basic resource enumeration and tag reading |
| Network Contributor (read-only) | Subscription | NSG and Public IP analysis |
| Virtual Machine Contributor (read-only) | Subscription | VM status and configuration checking |
| Storage Account Contributor (read-only) | Subscription | Disk and storage account analysis |
The script only requires read permissions and will not modify any resources. The "Contributor" roles listed above are only needed for their read capabilities on specific resource types.
Script Parameters
The DevTest-CostChef.ps1 script accepts the following parameters for customization:
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| SubscriptionId | String | No | Current context | Target Azure subscription ID |
| OutputPath | String | No | Current directory | Directory for CSV and HTML reports |
| DevTestTags | String[] | No | dev,test,development,testing,staging,qa | Tag values identifying dev/test resources |
| SuppressWarnings | Bool | No | $true | Suppress Azure PowerShell breaking change warnings |
The DevTestTags parameter allows you to customize which tag values identify dev/test resources. The script checks all tag keys for these values, making it flexible for different organizational tagging strategies.
Usage Examples
Basic Usage
Quick comprehensive audit with default settings:
# Run complete audit with defaults
.DevTest-CostChef.ps1Organize reports in a dedicated folder:
# Save reports in organized directory
.DevTest-CostChef.ps1 -OutputPath "./audit-reports"Advanced Usage
Target specific subscription with custom tag strategy:
# Audit specific subscription with custom tags
.DevTest-CostChef.ps1 -SubscriptionId "12345678-1234-1234-1234-123456789012" -DevTestTags @('dev','test','sandbox','experimental','poc') -OutputPath "./comprehensive-audit" -SuppressWarnings $trueBatch processing multiple subscriptions:
# Process multiple subscriptions
$subscriptions = @(
"12345678-1234-1234-1234-123456789012",
"87654321-4321-4321-4321-210987654321"
)
foreach ($sub in $subscriptions) {
Write-Host "Auditing subscription: $sub"
.DevTest-CostChef.ps1 -SubscriptionId $sub -OutputPath "./audit-$sub"
}The script is designed for automation workflows. Set SuppressWarnings to $truefor clean output in CI/CD pipelines or scheduled tasks.
Report Outputs
CSV Exports (7 Files)
The script generates detailed CSV files for each audit category:
| File Name | Content | Key Columns |
|---|---|---|
| PaaS_Premium_Resources.csv | PaaS services on premium SKUs | ResourceName, ResourceType, CurrentSKU, Location |
| VMs_Missing_Automation.csv | VMs without stop/start tags | VMName, PowerState, VMSize, HasStopStartTag |
| Oversized_VMs.csv | VMs too large for dev/test | VMName, CurrentSize, PowerState, Location |
| Orphaned_Disks.csv | Unattached managed disks | DiskName, SizeGB, SkuName, CreatedDate |
| Unused_PublicIPs.csv | Unattached public IP addresses | PublicIPName, IPAddress, AllocationMethod, SkuName |
| Permissive_NSGs.csv | Overly broad security groups | NSGName, PermissiveRulesCount, RuleNames |
| Expired_ResourceGroups.csv | Missing/expired expiration tags | ResourceGroupName, HasExpirationTag, IsExpired, ExpirationDate |
HTML Reports
Professional CloudCostChefs-branded HTML report includes:
Executive Dashboard
- High-level metrics across all 7 categories
- Total resources scanned and issues found
- Estimated cost impact by category
- Security posture summary
Detailed Findings
- Category-specific tables with full details
- Actionable recommendations for each finding
- Resource links for quick Azure portal access
- Mobile-responsive professional design
Optimization Impact
Expected cost savings and improvements by implementing the audit recommendations:
| Category | Typical Savings | Implementation Effort | Time to Value |
|---|---|---|---|
| Premium SKU Downgrades | 50-70% cost reduction | Low (configuration change) | Immediate |
| Oversized VM Rightsizing | 40-60% compute savings | Medium (testing required) | 1-2 weeks |
| VM Auto-Shutdown | 60-80% savings on idle time | Low (tagging) | Immediate |
| Orphaned Disk Cleanup | 100% storage cost elimination | Low (verification + deletion) | Immediate |
| Public IP Cleanup | $5-15/month per IP | Low (verification + deletion) | Immediate |
| NSG Hardening | Security risk reduction | Medium (security review) | 1-2 weeks |
| Lifecycle Management | 15-25% overall reduction | Medium (policy implementation) | 2-4 weeks |
Start with orphaned resources and unused public IPs for immediate 100% cost elimination, then move to premium SKU downgrades and VM auto-shutdown for the biggest impact. Save rightsizing and governance improvements for later phases.
Implementation Roadmap
Recommended 4-week implementation plan for maximum impact:
Week 1: Setup & Quick Wins
- Install PowerShell modules and verify permissions
- Run initial comprehensive audit
- Clean up orphaned disks and unused public IPs
- Implement VM auto-shutdown tags
Week 2: Cost Optimization
- Downgrade obvious premium SKU candidates
- Begin VM rightsizing for oversized instances
- Test performance impact of downgrades
- Document cost savings achieved
Week 3: Security & Governance
- Review and harden permissive NSGs
- Add expiration tags to resource groups
- Establish tagging standards and policies
- Create governance documentation
Week 4: Automation & Monitoring
- Schedule regular audit runs
- Set up automated reporting
- Implement policy enforcement
- Measure and celebrate success
Troubleshooting
Common issues and solutions when running the Azure Dev/Test Cost Chef:
| Issue | Cause | Solution |
|---|---|---|
| Authentication errors | Not logged into Azure | Run Connect-AzAccount before script |
| Permission denied errors | Insufficient Azure permissions | Verify Reader role on subscription |
| Module not found errors | Missing PowerShell modules | Install Az.Accounts, Az.Resources, Az.Compute, Az.Network |
| Empty results | No dev/test tagged resources | Verify DevTestTags parameter matches your tagging |
| Slow execution | Large subscription with many resources | Use resource group filtering or run during off-hours |
| CSV encoding issues | Regional settings | Open CSV files with UTF-8 encoding |
| HTML report not displaying | Browser security settings | Save HTML file locally and open in browser |
For subscriptions with thousands of resources, the script may take 10-15 minutes to complete. Consider running during off-hours or implementing resource group filtering for faster execution.
Download & Installation
🍳 Get Your Azure Dev/Test Cost Chef
Ready to start comprehensive auditing of your Azure dev/test environments? Download the complete PowerShell script and start identifying optimization opportunities across 7 different categories.
Direct Download
Get the latest version of the DevTest-CostChef.ps1 script
Version 2.0 | Updated: 6/28/2025 | Size: ~15KB
Copy and paste this command to download and run the script directly:
# Download and run Azure Dev/Test Cost Chef
Invoke-WebRequest -Uri "https://cloudcostchefs.com/downloads/azure-devtest-auditor.ps1" -OutFile "DevTest-CostChef.ps1"
.DevTest-CostChef.ps1 -OutputPath "./audit-reports"Alternative Access Methods
- GitHub Repository: View source code and contribute
- PowerShell Gallery:
Install-Script -Name DevTest-CostChef - Azure Cloud Shell: Pre-installed in CloudCostChefs Cloud Shell environment
- Docker Container: Run in isolated container with all dependencies
Ready to Chef Up Your Dev/Test Optimization?
The Azure Dev/Test Cost Chef is your complete solution for comprehensive dev/test environment optimization. With 7 different audit categories, you'll identify cost savings, security improvements, and governance gaps that most organizations miss with basic monitoring tools.
Most teams see 40-60% cost reductions and significantly improved security posture within the first month of implementation.