Mind the nuances when you stop a Google Cloud project from bleeding money
If you do not care about how much money you spend on your Google Cloud project then this post won’t be interesting to you. If you do, you might find the information below useful.
The Google Cloud documentation gives examples of automated cost control responses. It describes an option to send a notification message to PubSub, in addition to the email, each time the billing budget alert is triggered.
The specific example that stops the usage shows a Cloud Function (code in NodeJS and Python) that disables the billing account on the project. Another option is to disable all active APIs.
There are, however, a couple of things that are good to know when implementing these solutions.
Disabling the billing account stops ONLY usage costs. Any data the project stores, such as GCS buckets, Artifact Registry images and packages, VM disks, BigQuery datasets, logs, metrics and traces, is charged by volume. Disabling billing or disabling APIs does not stop the stored data from incurring costs. Consider consolidating all stored data in designated projects where you can control the costs by enabling object lifecycle management, defining data retention strategies or deleting data after use to keep within the spending threshold.
Take safety margins when alerting. The alert notification isn’t guaranteed to be triggered immediately, and usage continues to accrue during the delay between the time the billing budget threshold is reached and the time the notification is sent to PubSub, which can range from a few seconds up to minute(s). Make sure that the alert is triggered BEFORE the actual spending limit is reached.
Do not forget about subscription fees. Besides usage and storage costs, you may be billed for subscriptions. Anthos service mesh subscriptions, enterprise tiers (e.g. GKE or SCC) and services deployed from the solution catalog have a monthly price that is incurred regardless of usage.
You do not have to use Cloud Functions. While the examples use a Cloud Function to handle the alert’s notification, PubSub allows you to define a push subscription which forwards the message to any HTTP(S) endpoint. You can run your code in Cloud Run, GKE or anywhere outside Google Cloud. You can also implement the handling logic using a shell script or Terraform by triggering a Cloud Build configuration on PubSub events.
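The safety margin and the push subscription points above, as an added example that is not part of the original post or the Google Cloud documentation: a framework-independent handler that decodes a PubSub push request body carrying a budget notification and decides to act before the budget is fully spent. The function names, the `SAFETY_MARGIN` value and the `stop_usage` callback are assumptions, and the sample body is constructed with placeholder IDs.

```python
import base64
import json

SAFETY_MARGIN = 0.9  # assumption: act at 90% of the budget, pick your own


def parse_push_envelope(body: bytes) -> dict:
    """Decode a Pub/Sub push request body into the budget notification."""
    message = json.loads(body)["message"]
    notification = json.loads(base64.b64decode(message["data"]))
    # Billing account and budget IDs travel as message attributes.
    notification["attributes"] = message.get("attributes", {})
    return notification


def should_stop_usage(notification: dict, margin: float = SAFETY_MARGIN) -> bool:
    """True once spend reaches margin * budget, before the real limit."""
    budget = float(notification["budgetAmount"])
    if budget <= 0:
        raise ValueError("budgetAmount must be positive")
    return float(notification["costAmount"]) >= margin * budget


def handle_push(body: bytes, stop_usage) -> tuple:
    """Return (HTTP status, text); a 2xx status acks the message."""
    try:
        notification = parse_push_envelope(body)
        stop = should_stop_usage(notification)
    except (KeyError, ValueError, TypeError) as exc:
        # Malformed input will never parse: ack it instead of retrying.
        return 200, f"ignored: {exc!r}"
    if stop:
        # Notifications repeat, so stop_usage must be idempotent.
        stop_usage(notification)
        return 200, "stopped"
    return 200, "below margin"


def sample_body(cost: float, budget: float) -> bytes:
    """Constructed push body; IDs are placeholders, not real values."""
    data = {"costAmount": cost, "budgetAmount": budget, "currencyCode": "USD"}
    return json.dumps({"message": {
        "data": base64.b64encode(json.dumps(data).encode()).decode(),
        "attributes": {"billingAccountId": "PLACEHOLDER", "budgetId": "PLACEHOLDER"},
    }, "subscription": "projects/PLACEHOLDER/subscriptions/PLACEHOLDER"}).encode()


if __name__ == "__main__":
    print([handle_push(sample_body(c, 100.0), lambda n: None) for c in (50.0, 95.0)])
```

Call `handle_push` from whatever HTTP server receives the push, passing the code that disables billing or APIs as `stop_usage`. Since this handler can shut a project down, enable authentication on the push subscription and verify the token before calling it.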
Have more questions? Reach out to me.