Azure Resource Group Cost Analyzer
Analyze an Azure resource group to produce a comprehensive cost optimization report following Microsoft Well-Architected Framework and FinOps Foundation best practices.
Arguments:
- •
$0- Resource Group name (required) - •
$1- Region for pricing context (optional, defaults to auto-detect from RG)
Output: ~/azure-cost-analysis/{rg-name}-cost-analysis.md
Workflow
Phase 1: Pre-flight Validation
Run the pre-flight check script to validate the environment:
bash scripts/az-preflight-check.sh "$0"
If pre-flight fails, report the specific failure and stop. Common issues:
- •Azure CLI not installed
- •Not logged in (
az loginneeded) - •Resource group does not exist
- •Subscription not accessible
Phase 2: Resource Discovery
Enumerate all resources in the resource group and categorize by type:
az resource list --resource-group "$0" --output json
Build a resource inventory table with: Name, Type, SKU/Tier, Location, Tags.
Determine which analysis categories apply based on discovered resource types:
- •Compute & Apps: App Service Plans, Web Apps, Functions, VMs, VMSS, Container Apps
- •Data & Cache: Storage Accounts, Redis, SQL, PostgreSQL, Cosmos DB
- •Monitoring & Certs: Log Analytics, App Insights, Alerts, Key Vault, Certificates
- •Cost Management: Cost trends, Advisor recommendations, Activity logs
Phase 3: Parallel Deep Analysis
Spawn 4 azure-infra-engineer agents via the Task tool, each analyzing their assigned category. Pass the resource group name and the list of relevant resources to each agent.
Agent 1 - Compute & Apps Analyst:
Instruct the agent to analyze compute and application resources in resource group $0. For each resource found:
- •App Service Plans: SKU, worker count, app count, CPU/memory utilization (last 30 days), slot configurations
- •Web Apps / Function Apps: Runtime, always-on setting, deployment slots, custom domains, SSL bindings, app settings count, connection strings, outbound IP dependencies
- •VMs: Size, OS, disk configuration, CPU/memory utilization, auto-shutdown settings
- •Container Apps: Revision mode, scaling rules, resource limits
Use commands from the references/azure-cli-commands.md reference. Save findings to ~/azure-cost-analysis/$0-compute-analysis.md.
Agent 2 - Data & Cache Analyst:
Instruct the agent to analyze data and caching resources in resource group $0. For each resource found:
- •Storage Accounts: SKU, replication, access tier, container count, blob metrics (capacity, transaction count), lifecycle policies, CORS rules
- •Redis Cache: SKU/tier, memory usage, connected clients, cache hit ratio, eviction policy, clustering config
- •SQL/PostgreSQL: SKU, DTU/vCore, storage used vs allocated, connection count, long-running queries, backup retention
- •Cosmos DB: Throughput model (provisioned vs serverless), RU consumption, partition key distribution
Use commands from the references/azure-cli-commands.md reference. Save findings to ~/azure-cost-analysis/$0-data-analysis.md.
Agent 3 - Monitoring & Certs Analyst:
Instruct the agent to analyze monitoring and certificate resources in resource group $0. For each resource found:
- •Log Analytics Workspaces: SKU, daily cap, retention period, ingestion volume (last 30 days), connected sources
- •Application Insights: Type, daily cap, retention, ingestion volume, sampling rate
- •Alert Rules: Count, action groups, frequency, evaluation windows
- •Key Vault: SKU, secret/key/certificate count, access policies, soft-delete status
- •Certificates: Expiration dates, issuer, associated bindings
Use commands from the references/azure-cli-commands.md reference. Save findings to ~/azure-cost-analysis/$0-monitoring-analysis.md.
Agent 4 - Cost & Governance Analyst:
Instruct the agent to analyze cost trends and governance for resource group $0:
- •Cost Management: Last 6 months of cost data by resource, identify cost spikes and trends
- •Azure Advisor: Pull all recommendations (cost, security, reliability, performance)
- •Activity Logs: Last 6 months of resource modifications, identify unused/stale resources
- •Resource Graph: Run orphaned resource queries from
references/resource-graph-queries.md - •Tags: Audit tag compliance, identify untagged resources
- •Resource Locks: Check for delete/read-only locks
Use commands from the references/azure-cli-commands.md reference. Save findings to ~/azure-cost-analysis/$0-cost-governance-analysis.md.
Phase 4: Azure Advisor & Resource Graph
After parallel agents complete, run additional cross-cutting analysis:
# Orphaned resource detection az graph query -q "Resources | where resourceGroup =~ '$0' | where type =~ 'microsoft.network/publicipaddresses' | where properties.ipConfiguration == ''" --output json
Load queries from references/resource-graph-queries.md and execute each one scoped to the target resource group. Compile a list of orphaned/zombie resources.
Phase 5: Report Compilation
Merge all agent findings into a single professional report. Use the template structure from references/report-template.md:
- •Read all agent output files from
~/azure-cost-analysis/$0-*-analysis.md - •Compile into the report template structure
- •Cross-reference findings between agents (e.g., App Service connecting to Redis)
- •Calculate estimated monthly costs using
references/pricing-reference.md - •Generate 3 optimization scenarios (Conservative, Moderate, Aggressive)
- •Produce the final report at
~/azure-cost-analysis/$0-cost-analysis.md
Phase 6: Summary & Recommendations
Present to the user:
- •Executive summary (total estimated monthly cost, top 3 savings opportunities)
- •Critical issues requiring immediate attention (security, expiring certs, governance gaps)
- •Recommended next steps with the safety checklist from
references/safety-checklist.md - •Link to the full report file
Reference Files
Load these as needed during analysis:
- •Azure CLI Commands: references/azure-cli-commands.md - All Azure CLI commands organized by resource type
- •Resource Graph Queries: references/resource-graph-queries.md - KQL queries for orphaned/zombie resource detection
- •Pricing Reference: references/pricing-reference.md - Azure pricing estimates by SKU for cost calculations
- •Report Template: references/report-template.md - Professional report structure following FinOps standards
- •Safety Checklist: references/safety-checklist.md - Pre-deletion safety protocol and verification steps
Scripts
- •Pre-flight Check: scripts/az-preflight-check.sh - Validates Azure CLI, login state, subscription, and resource group existence
Key Design Principles
- •Adaptive Analysis: Dynamically adjust analysis based on discovered resource types -- never assume a fixed resource list
- •FinOps-Aligned: Follow Microsoft Well-Architected Framework Cost Optimization pillar
- •Safety-First: Never recommend hard deletes without the safety checklist; always recommend resource locks before deletion
- •Parallel Execution: Use 4 agents for speed on large resource groups
- •Cross-Reference Dependencies: Map connections between resources (e.g., App Service -> Redis, Web App -> Storage) before recommending deletions
- •Actionable Output: Every recommendation includes an
azCLI command to execute it