powershell 使用

With strong organization and design for our development teams, cloud infrastructure and security considerations, we’ll now extract Azure cost information that we can share with our organization. In addition, we will see that we can retain this information if needed to track growth (or reduction) in costs. This step is important as it will allow our teams to have an insight into their development and it will also be another audit we can use on the security side to catch unusual growth (or significant reductions) in resource costs that may be the result of an attacker. Our ultimate goal with tracking these costs and sharing them with teams is to improve our development and possibly re-organize it as needed, giving us the ability to further reduce our spending.

凭借针对开发团队的强大组织和设计，云基础架构以及安全方面的考虑，我们现在将提取可与组织共享的Azure成本信息。 此外，如果需要跟踪成本的增长（或降低），我们将保留这些信息。 这一步很重要，因为这将使我们的团队能够深入了解他们的发展，这还将是我们可以在安全方面使用的另一项审核，以捕获资源成本的异常增长（或显着减少），这可能是由于攻击者。 我们跟踪这些成本并与团队共享的最终目标是改善我们的开发，并可能根据需要对其进行重组，从而使我们能够进一步减少支出。

By querying Azure cost information, we can share with development and improve to reduce costs.

通过查询Azure成本信息，我们可以与开发共享并进行改进以降低成本。

使用PowerShell获取成本信息的基本查询 (Basic Queries to Get Costs Information with PowerShell)

We’ll begin querying cost information by logging into AzureRm. To confirm the version that we’re using as well, we’ll import the AzureRm module and check for the version. These scripts were executed with version 6.13.1.

我们将通过登录AzureRm开始查询成本信息。 为了确认我们也正在使用的版本，我们将导入AzureRm模块并检查版本。 这些脚本在6.13.1版中执行。

Login-AzureRmAccount | Out-Null
Import-Module AzureRm
Get-Module | Where-Object {$_.Name -eq "AzureRm" } | Select-Object Name, Version

PowerShell will output the version and these scripts may require a higher version if below the one shown.

PowerShell将输出该版本，如果这些脚本低于所显示的版本，则这些脚本可能需要更高的版本。

In the below PowerShell call, we get the full Azure cost information of our logged in account. This will return everything for our Azure profile, which we’ll be filtering for details later. It’s worth seeing a view of the information that we’ll have access to and in some cases, we may want to see all the Azure information for a profile since some environments may demarcate assets by profile instead of other methods, such as subscriptions, resource groups, etc. We can wrap the PowerShell call in parenthesis and get specific properties, such as the InstanceName, Currency, BillingPeriodName, etc. If we are not logged in, we will not get any output – as long as we’re logged in in our current session, we’ll get information.

在下面的PowerShell调用中，我们获得了已登录帐户的完整Azure成本信息。 这将返回Azure配置文件的所有内容，稍后我们将对其进行过滤以获取详细信息。 值得一看的是，我们可以访问的信息的视图，在某些情况下，我们可能希望查看配置文件的所有Azure信息，因为某些环境可能按配置文件而不是其他方法（例如订阅，资源）来划分资产组等。我们可以将PowerShell调用包装在括号中并获取特定的属性，例如InstanceName，Currency，BillingPeriodName等。如果未登录，则只要登录即可，就不会有任何输出。在当前会话中，我们将获取信息。

Get-AzureRmConsumptionUsageDetail | ft

An example of the output we’ll get when we querying for Azure costs with this function.

使用此函数查询Azure成本时将获得的输出示例。

For security purposes, the below scripts will not come with images, but calls will return information as long as the parameters we use (such as billing period) have data from usage (ie: if we didn’t use resources in February of this year, we would get nothing in our query).

为了安全起见，以下脚本不会随图像一起提供，但是只要我们使用的参数（例如帐单周期）具有使用数据即可（例如：如果我们在今年2月不使用资源），调用将返回信息，我们在查询中什么也不会得到）。

If we had a resource named OurServer (such as an Azure SQL database), we could get Azure cost information from the below query by specifying the resource name OurServer. This query returns information about this Azure SQL Server (in this example). We can use the InstanceName parameter to specify the object. If we need to see the InstanceName of an object, we can always call the query Get-AzureRmConsumptionUsageDetail to see the full list of InstanceNames.

如果我们有一个名为OurServer的资源（例如Azure SQL数据库），则可以通过指定资源名称OurServer从以下查询中获取Azure成本信息。 此查询返回有关此Azure SQL Server的信息（在本示例中）。 我们可以使用InstanceName参数指定对象。 如果需要查看对象的InstanceName，则始终可以调用查询Get-AzureRmConsumptionUsageDetail来查看InstanceNames的完整列表。

Get-AzureRmConsumptionUsageDetail -InstanceName "OurServer"

One of the most common queries for Azure cost information involves periodic billing information, such as the spend for a month. In the below query, we query the spend information for the month of February (March is the billing month for the usage in February). This query along with additional parameters provides an example of what we may want to send development teams – the monthly cost of Azure resource usage so they can have insight into how resources are being used and where we can optimize these resources.

对Azure成本信息的最常见查询之一涉及定期计费信息，例如一个月的支出。 在下面的查询中，我们查询2月份的支出信息（3月份是2月份的使用结算月份）。 该查询以及其他参数提供了一个示例，说明了我们可能希望派遣开发团队什么— Azure资源使用的每月成本，以便他们可以深入了解资源的使用方式以及我们在哪里可以优化这些资源。

Get-AzureRmConsumptionUsageDetail -BillingPeriodName 201903

For smaller time ranges, we can specify the start and end times using the parameters StartDate and EndDate. In the below query, we’re looking at Azure cost information between February 1^st and 4^th. This query can be helpful for both security in detection of rapid cost increases or drops on a day-to-day basis or to assist development teams testing performance on a shorter time cadence. For an example, if a development team changes code to improve performance of cloud resources, they may want to see the comparison between the two days – the day before and the day after the code changed. This will help the team discover if the performance improved or didn’t improve so they can make the appropriate adjustments if they discover the latter. This can be helpful for teams as it provides constant feedback to teams so they can make improvements to reduce the likelihood of poor performing code with cloud resources.

对于较小的时间范围，我们可以使用参数StartDate和EndDate指定开始时间和结束时间。 在下面的查询中，我们正在查看2月1 ^日至4 ^日之间的Azure成本信息。 此查询对于在日常中快速检测成本的快速上升或下降的安全性或协助开发团队以较短的时间节奏测试性能都可能有帮助。 例如，如果开发团队更改代码以提高云资源的性能，则他们可能希望查看代码更改的前一天和更改后的两天之间的比较。 这将有助于团队发现性能是否有所提高，以便他们发现性能后可以进行适当的调整。 这对团队很有帮助，因为它可以向团队不断提供反馈，以便他们可以进行改进以减少使用云资源执行不良代码的可能性。

Get-AzureRmConsumptionUsageDetail -StartDate 2019-02-01 -EndDate 2019-02-04

We can get specific details when querying Azure cost information – in the below query, we select a subset of the full amount of data. We return the InstanceName, Currency, PretaxCost and IsEstimated properties for the usage in February (billed in March). Generally, we’ll want to share a subset of information with our development teams.

查询Azure成本信息时，我们可以获得特定的详细信息–在下面的查询中，我们选择了全部数据的一部分。 我们返回2月份使用情况的InstanceName，Currency，PretaxCost和IsEstimated属性（3月份记帐）。 通常，我们希望与我们的开发团队共享一部分信息。

Get-AzureRmConsumptionUsageDetail -BillingPeriodName 201903 | Select-Object InstanceName, Currency, PretaxCost, IsEstimated

In the below query, we get the top ten Azure cost information details and expand on the details of this information. The top parameter can be helpful for developers when teams have multiple areas where improvements need to be made and the initial focus should be on the top areas where optimizations should be made. As teams make improvements, the top query will continue to adapt showing the next expensive resources.

在下面的查询中，我们获得了十大Azure成本信息详细信息，并扩展了该信息的详细信息。 当团队有多个需要改进的地方并且最初的重点应该放在应该进行优化的地方时，top参数对开发人员会很有帮助。 随着团队的改进，最热门的查询将继续进行调整，以显示下一个昂贵的资源。

Get-AzureRmConsumptionUsageDetail -Expand MeterDetails -Top 10

In our final example, we combine some of the parameters we’ve already used with additional logic to drill into the Azure cost information for the InstanceName of OurServer. We return the top ten details of OurServer only returning the InstanceName, BillingPeriod, and UsageQuantity. We may require more or less information than the below query returns and this shows us how we can drill into information that we find useful for our development teams or for auditing information for security.

在最后一个示例中，我们将一些已经使用的参数与其他逻辑结合起来，以针对OurServer的InstanceName深入了解Azure成本信息。 我们返回OurServer的前十个详细信息，仅返回InstanceName，BillingPeriod和UsageQuantity。 我们可能需要比以下查询返回更多或更少的信息，这向我们展示了如何深入研究对我们的开发团队或审核安全性信息有用的信息。

Get-AzureRmConsumptionUsageDetail -Expand MeterDetails -Top 10 | Where-Object {$_.InstanceName -eq "OurServer"} | Select-Object InstanceName, BillingPeriod, UsageQuantity

We’ve seen that we can query information and we can save this information with PowerShell using the variety of command to export data to CSVs or write custom scripts to save this to storage (like storage accounts or SQL databases). Depending on what we want to do with this information, we may want to manage the data in one of the following ways, depending on our need:

我们已经看到我们可以查询信息，并且可以使用PowerShell使用各种命令将数据导出到CSV或编写自定义脚本以将其保存到存储（例如存储帐户或SQL数据库），并使用PowerShell保存此信息。 根据我们对这些信息的处理方式，我们可能需要根据以下需要之一来管理数据：

1. Direct calls with PowerShell and submitting results. Getting current data or comparing one recent time period to another time period, such as comparing February 1使用PowerShell直接调用并提交结果 。 获取当前数据或最近的一个时间周期进行比较来另一个时间段，如2月1日通过^st to February 2^第一通信信道（电子邮件，松弛等）进行比较来2月2 ^nd and sending the data through communication channels (email, Slack, etc) ^日和发送数据
2. Worksheets or SQL databases. Securely give users access to the data through demarcated access (indirectly) and allow them to query the data as needed. This secures the asset by not providing direct access, but access through a separate resource where the information is saved 工作表或SQL数据库 。 通过分界访问（间接）安全地授予用户访问数据的权限，并允许他们根据需要查询数据。 通过不提供直接访问，而是通过保存信息的单独资源进行访问来保护资产
3. Storage accounts. Store Azure cost information over time for 存储帐户 。 随着时间的推移在未来possible querying in the future (a basic Azure SQL database will also suffice for this) 可能的查询（基本AzureSQL数据库也将满足这一点）商店Azure的成本信息

成本信息的安全性 (Security of Cost Information)

Querying Azure cost information with PowerShell for tracking can also give us another tool for auditing these costs, such as identifying if a resource was mis-scaled by an attacker. We will want to be extremely careful with who has access to get this information. Allowing developers to access appropriate resources will help us move forward in development, but getting cost information should be restricted. We can and will distribute the appropriate cost information to teams in larger or medium size organizations – startups are an exception here since they tend to involve small teams and may already have access to this information in their profile. One reason why I recommend saving this information to worksheets or SQL databases (when required) is that developers can access these files or databases without having too much permissions to Azure resources.

使用PowerShell查询Azure成本信息以进行跟踪也可以为我们提供另一种审核这些成本的工具，例如，确定资源是否被攻击者错误缩放。 我们将非常小心谁有权获得此信息。 允许开发人员访问适当的资源将有助于我们前进，但是获取成本信息应受到限制。 我们可以并将适当的成本信息分发给大型或中型组织中的团队-此处的创业公司是个例外，因为它们倾向于涉及小型团队，并且可能已经可以在其个人资料中访问此信息。 我建议将此信息保存到工作表或SQL数据库（需要时）的原因之一是，开发人员可以访问这些文件或数据库而无需对Azure资源拥有太多权限。

结论 (Conclusion)

As we’ve seen, we can extract Azure cost information easily with PowerShell and retain this information for sharing with teams how we see fit. On the organization side, we’ve seen how we can group information by the tags we’ve set up or by the resources we’ve named – if we followed organized naming conventions that allow us to track this by resources instead of tags. While we looked at resources under one subscription, keep in mind we can also scale by subscription – especially if we do subscription level scaling for application types, environments, etc. Finally, we looked at using this information for security as another audit to possibly detect inappropriate activity, even if the activity occurred by a legitimate user who may have had credentials compromised or made a mistake in scaling resources.

如我们所见，我们可以使用PowerShell轻松提取Azure成本信息，并保留此信息以与团队共享我们认为合适的方式。 在组织方面，我们看到了如何按照设置的标签或命名的资源对信息进行分组-如果我们遵循组织化的命名约定，该约定使我们能够按资源而不是标签进行跟踪。 当我们查看一个订阅下的资源时，请记住，我们也可以按订阅进行扩展-尤其是当我们针对应用程序类型，环境等进行订阅级扩展时。不适当的活动，即使该活动是由合法用户执行的，该用户可能已经破坏了凭据或在扩展资源方面犯了错误。

目录 (Table of contents)

翻译自: https://www.sqlshack.com/extract-azure-costs-using-powershell/

powershell 使用