Today, I'm going to speak about cost visibility of infrastructure using the Infracost tool. A little bit about me. I am a platform engineer at Liquid Reply and that awesome person is the co-founder of Liquid Reply. Hi, Max. A little bit more about me. I like watches, non-digital watches, actually, and how many people in this room like watches? Non-digital watches. One, two, three. Okay. People who like watches. People who like watches. Do you like this watch? Raise your hand. Yeah. Okay. Will you buy it? Will you buy it? Thank you. That's what I was asking. Before you buy anything in real life, you are asking how much? Compare prices everywhere and then you buy what you think is fair for the good quality. But when it comes to your infrastructure cost, you just choose things without caring about how much it costs. To be honest also, that cloud provider also, they do make it easy for us. They just give you the cost per hour and then you have to calculate in your brain how much is that or you choose Chinese methods to calculate. But don't worry, for this problem, the team of Infracost, they created a very good tool. You still be lazy to calculate, but you can use Infracost and you see the monthly cost. Today's agenda will be to speak about Infracost and how Infracost actually works. And how to write your own action using GitHub Actions. And whether your company is using monolithic or microservice pattern, we are going to speak about how to adapt our action for both cases. And at the end, I'm going to speak about demo. I'm going to show you a demo, actually. I cannot speak about demo. And what's Infracost? How many people know what's Infracost? Have used this tool before? One, two, three, amazing. So you can't tell us what's Infracost. Infracost is developed by the Infracost team, as already mentioned. It is designed to scan Terraform code changes. Obviously, you have to use Terraform. If you don't use Terraform or open Terraform nowadays, you cannot use this tool.
It provides an understandable cost estimation for your infrastructure. And the purpose of doing this is to prevent unacceptable costs. Like, you don't wake up the next morning while your company or your startup lost 10K in one night. So that's the pair. How it works, actually. It just scans your Terraform plan, actually, your Terraform code. Before you apply it, the purpose of, like, Infracost is not like, after you apply, you see the cost, no. Before you apply it, before you create your infrastructure, you see the cost of it. And you say, aha, why is this and why is that? We should not do this, and we should remove this to a smaller one or a smaller instance. It generates an estimation that you can see in a pull request and whether you approve the pull request or not. And you can also integrate it in your CI/CD as we are going to do later. Well, actually, Infracost works with different CI/CD tools. If you go to the documentation of Infracost, you will see the CI/CD tools that you can integrate it with. But today, we are only interested in GitHub Actions. If your company uses Jenkins or CircleCI or whatever CI/CD tools, you can go ahead and try to apply what you learned today there. So, before we start, we need a little bit of preparation. Obviously, we need to install Infracost, and then we need to retrieve the API key. In order to retrieve the API key, you need to use this command, infracost configure get api_key, and as the result, you will have the key. What will we do with the key? People who actually work with GitHub Actions know that the CLI or any CLI needs the key to run Infracost. So, in case of GitHub Actions, we need to store the key in Secrets. And the Secrets, how do you store it? You go to Settings, Secrets, Actions. And then when you click there, you will see this window. In this window, you add the name of the key, and then you add the value of it, and then you save. So, that's it. Done, right?
Now you are ready to create your own action, to create an action. As I mentioned, in the Infracost documentation, you can see a template. How to integrate it with your CLI tool, like GitHub Actions or Jenkins. Copy-paste is amazing, right? Easy, simple. It takes you five minutes. If something went wrong, it will take you ten minutes to finish this. Simple. You don't even have to understand what is this. What's the first line? What is this permission for request, right? You will never understand it until you try to recreate it, right? This is from one side. One side you will be a better engineer if you try to recreate things, understand them, apply them. The second side is security. Like, what happened to Log4j could also happen to Infracost, right? Then, all of a sudden, your company will be in danger and then... Yeah, good luck. So, for security practices, you need to write your own action. I know it's not easy, it's not simple, but it's a good practice. You see this, if you can see it, I think I have a problem. Okay. Here also, you can see the Infracost comment, you don't understand what is this. So, today we are going to create our own action using container action. If you are not familiar with container action, it is something like... In GitHub Actions, you can have different actions. Container action, JavaScript action, or composite action. And today we are going to focus only on container action. Container action has actually three components. The first one is ActionYAML, second one is Dockerfile, and the third one is EntryPoint, or actually a scripting language, whatever you want in either Python or script. The main purpose of ActionYAML is to call actually the Dockerfile, and the Dockerfile contains the installation steps that the EntryPoint needs, and the EntryPoint actually has the logic in which you can implement, like, to make your code work.
If you are interested in how to create a container action or JavaScript action, you can also see the documentation, and it's actually step-by-step, like creating Dockerfile, ActionYAML, and write your code. Sorry. So, today we are going to speak about it, but before that, let me show you how it works. Here is my ActionYAML. If you can see in the ActionYAML, it has, you can give it a name, any name, and then description is optional. Actually, you don't have to add it, but the main purpose of this YAML is runs using Docker, and then the Dockerfile. You specify there is a Dockerfile that needs to be called. For branding, I just added it to customize the appearance for the action and to set up the icon to a terminal. So, basically, the main purpose of this action is to call the Dockerfile. If you are familiar with Dockerfile, you will know what is the first line, actually. It is the base image of the Dockerfile, and as usual, the Dockerfile contains just the installation steps that the action needs. So, I installed the Terraform file, because I'm going to use it later on. I'm going to show you in the demo where I used it, and installing also the Terraform, the Infracost, obviously, because I needed to install Infracost in order to use it in the action, and GitHub CLI to comment my plan and my Infracost to GitHub pull requests, and finally, I'm giving permission for entry point and calling the entry point. So, I have prepared two entry points for different use cases. The first use, the first entry point is if your company is using microservice approach. What does microservice approach mean? It means that your company has a repo, a single directory, Terraform directory for the service, which means that you have only one single Terraform directory in the repository. In this case, it's simple. How are we going to do that? So, we'll explain line by line what this entry point is doing.
The first line is telling that it is a bash script, and the second line is comparing your changes in the current branch with the main branch. It says, if you are familiar with this command, you will see that this command is giving you the difference between your branch and the main branch, and actually, I would like to show you the output of this. So, my current branch has changes in the Infracost directory with Dockerfile action, basically the files that got changed in the Infracost repo or the Infracost directory. So, what does this label do? If I remove this label, it won't give you only the name. It will give you all the changes that happen in this command or in this branch. It's dirty. You cannot see any more the directories that you want to see the changes in. So, it's better that for our purpose, we need to use the label --name-only. And the second, we are defining an environment variable, which fetches the first variable or parameter in the command that changed. So, in our case, it fetches the name of the Infracost, the directory here. I would like to show you also what is this doing, but I need to do this first. Then, when I run this command... Oh, sorry. What is the expected output? What do you think? Not the file, the name of the directory that the change is happening. That's Infracost directory. So, after that, we're going to obviously cd to the directory and then run the Infracost command to break down the cost of your Infracost. And then after that, you see here also the PR number. Why do we want the PR number? Because Infracost, in order to comment it to GitHub, they actually require the PR number. And in order to get the PR number, you have the GitHub ref, which contains the PR number. And the PR number is the third variable of GitHub ref. If you don't believe me, you can go and check the documentation and then you see that the GitHub ref is the third variable.
But in case only of pull request, if your pipeline is doing something else to push through the branch or doing something else, it is not going to work. So, this is in case of microservice. The other case is the monolithic. What your company has one single repo for all the directories, the Terraform directories for all services the company has, which is actually a best practice in case of repo because your developer team will focus on their repository and your SRE team will focus on their repositories and they're managing their repositories. So, what do you think would be the solution if I have multiple directories, not only one? In case not Infracost, another Terraform directory and so on. What should I do? Simple coding problem. Any idea? For loop. For loop always solves the problem. So, in case you have multiple directories, and this actually we are doing exactly the same besides that I am asking here, I am looping through the directories. If you have the one single directory, go and actually run terraform init. I actually added this terraform init to show the plan in the comment that I will show you later in the demo. And then I commented it in the line 33. Don't feel afraid. It's really simple and it's just using CLI commands. There's no complicated logic. The only new logic here is I am looping through the directories I created. And then I go one by one, see the changes, apply the terraform init and then apply the Infracost breakdown. How does this work? I can show you in a while. Okay. Here is our repository that contains Terraform. I prepared this because I don't have enough time to prepare it live, but I created two services. Imagine I couldn't come up with a better name, actually service one, service two. And then I created the pipeline that is going to be in pull request. Actually in GitHub Actions you can do on push, on pull request, on workflow call. Why did I use pull request? I just said it at the beginning. You didn't pay me attention.
I did it in pull request because otherwise your PR number is not going to be fetched from the GitHub ref. Because GitHub ref only fetched the PR number. The third variable from GitHub ref is the PR number only in pull request. And other changes in a push or in branches, they are different. The GitHub ref is different. So I am calling actually the action that I created and then using the Infracost key that I saved at the beginning in the GitHub Actions secret. So this is a simple Terraform I created actually. I just copy pasted it from the internet. It's simple. And here I use actually instance. And the other service has actually exactly the same but in a different directory. Well, I would like here also to introduce the Infracost plug-in, which you can download here writing Infracost. But this only works if you are using Visual Studio Code. If you are using another IDE, it won't work, like IntelliJ. It's not going to work. So you use it, you install it and then you connect it to your GitHub. And a good thing about this is that you can see the cost live. So if I change this to micro, you will see the cost here changed. You see it's loading and it's $10 per month for micro. If for some reason you want to go for medium, you will see it live change, which doesn't make any sense. It should be 20 euros. Ah, that's a typo. Again, let's go for large. It's easy to write large. Okay, you see it's 97 per month if you use a large instance. Another thing is our action. We want to use it in case if you are not using Visual Studio Code, you are using something else, we can actually see what our action is doing. We are going to change also in the other service. We are going to make it also small. In order to make this whole thing work, we have to actually create a PR. So let's go ahead and create a PR. Do a git status to see what we changed actually. I see only service 2. What's service 1? I didn't change anything.
Now I see changes in two different directories, two different services. So now I go ahead and add them to service 1. main.tf. Service 2. main.tf. Git commit, add of course. Git commit -am. Now we push our changes and create a PR request. As you can see here is our PR request. I call it demo also and create a PR request. The moment you create a PR request, if you go to Actions, you will see your pipeline running. You can see all the steps. You are building actually your demo and then you are running Infracost. And when it's green, actually we can go ahead and see our PR, what it is doing here. It's not done yet. But I can show you that first you can see the changes for the first service and the diff, actually the workspace I just created in the entry point. And you can see everything I just created, the VPC with a security group and everything. And you are supposed to see the Infracost, that didn't work. And you saw also the plan, the changes also for the second one, and then you are supposed also to see, but I think it doesn't work, but I can show you this locally, what it's supposed to do. For some reason it didn't work but I will show you here how it should work. If we run here infracost breakdown, here you can see that Infracost will show you exactly what happened, what type of instance you chose and how much it costs and how many hours it will be used for, and you will see at the end the cost estimation and each service is how much, and totally you have 31 dollars for this plan actually. It's simple, you can go ahead and write it for yourself, it's really easy.
If you want to know more you can even read my blog post and then you can apply what I did today. It is here also step by step. If you like it, go ahead and try it, and don't be frustrated if it doesn't work from the first time. It never works actually from the first time. What I want to summarize actually: copy pasting is easy, it's easy to use the Infracost template, simple, but then there is also a downside for security leaks. It's difficult to write your action, maybe you are suffering, maybe it won't work, you need to figure out how to make it work, nobody is going to help you for that, but this will make you a better engineer and you will understand things better. I think that's it. If you are interested to discuss about this you can follow me on LinkedIn, write me on LinkedIn, or this is actually my Twitter and this is my LinkedIn, it's now Instagram.

Questions? Yes, please.

I haven't tried that yet because it's a new topic, but if there are some difficulties, sure, they can overcome it and they can give a solution. I mean, I think it will work also the same, but in case it doesn't work I'm quite sure Infracost, they can adapt.
Another question? Not all of you together. Yeah, thank you.

Of course it can work also with Modo, but yeah, it can work also for different regions, but you need to adapt your pipeline for different regions, not the actual code. This code will work with all regions, but your pipeline has to have the regions as an environment variable, so every time it comes to a different region it applies to that region.

Yes, please. What do you use to reform for your cluster? I don't understand.

I think you can also use it, because provision and auto scaling group, I don't think they cost per month. This is actually, you are going to Kubernetes cost, a cluster cost, which is where Infracost cannot work. There are also other tools, maybe I can give another talk about it, for like managing your cluster cost. Yeah, I'm saying it is not managing your cluster cost, it is only managing before you create your infrastructure in the cloud. Yeah, but if you want to manage your cluster cost, Infracost is not a good option for you.

That's it, thank you for coming.
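
Added example, not part of the talk or the speaker's repository: a POSIX shell version of the two parsing steps the entry point depends on, turning git diff --name-only output into the set of changed service directories and taking the PR number from a refs/pull/<n>/merge ref while refusing any other ref. The function names and the directory-name filter are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are constructed.

# Print the PR number from a ref of the form refs/pull/<n>/merge.
# Returns 1 for push/branch refs or a non-numeric field, so the caller
# never passes an unvalidated string on as a pull request number.
pr_number_from_ref() {
  case "$1" in
    refs/pull/*/merge) ;;
    *) return 1 ;;
  esac
  num=${1#refs/pull/}
  num=${num%/merge}
  case "$num" in
    ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
  esac
  printf '%s\n' "$num"
}

# Read changed file paths on stdin (one per line, as printed by
# `git diff --name-only`) and print each top-level directory once.
# This covers both layouts from the talk: one directory for the
# single-service repo, several for the repo holding all services.
changed_dirs() {
  while IFS= read -r path; do
    case "$path" in
      */*) dir=${path%%/*} ;;  # first path component
      *) continue ;;           # file in the repo root, no service directory
    esac
    case "$dir" in
      # Assumption: skip hidden dirs (.github), option-like names and
      # anything outside a conservative character set.
      ''|.*|-*|*[!A-Za-z0-9._-]*) continue ;;
    esac
    printf '%s\n' "$dir"
  done | sort -u
}

# Wiring inside an entry point would look like this (the base branch name
# is an assumption, the exact diff command is not shown in the transcript):
#   pr=$(pr_number_from_ref "$GITHUB_REF") || { echo "not a pull request" >&2; exit 1; }
#   git diff --name-only origin/main...HEAD | changed_dirs | while IFS= read -r d; do
#     infracost breakdown --path "$d"
#   done
```

Failing closed on non-PR refs makes the limitation the speaker mentions explicit: on a push event the ref has a different shape, so the script stops instead of commenting with a wrong number.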