Infracost: How to Get Started

Infracost is an open-source project released in June 2020 in its 0.1.0 version. It was created by cloud computing experts Hassan Khajeh-Hosseini, Ali Khajeh-Hosseini, and Alistair Scott. They have been working with cloud technologies since 2012 by providing solutions to tech giants such as Sony, Samsung, and Netflix.

Working with cloud providers and DevOps is all about speed, efficiency, and cost management. However, the cost of infrastructural changes can be challenging to gauge. A deployment that shifts allocated resources may lead to a displeasing bill at the end of the month.

Infracost aims to help companies estimate the cost of every IaC change made to their cloud infrastructure. One of the most difficult changes to determine is the cost associated with the deployment of new resources. Often they will require several structural adjustments. And this is where Infracost shines, providing a straight-to-the-point cost summary.

Infracost vs Terraform Cloud Cost Estimation

While Terraform Cloud offers a service similar to Infracost, there are some key differences between the two.

Infracost supports over 200 resources, while Terraform Cloud only supports 43 currently.
It supports usage-based resources and variable usage analysis.
It has its own CLI, which can be used standalone or integrated into your project's current workflow.
It can be used together with Terragrunt.
It generates easy-to-read HTML reports, or JSON, which can be integrated with other tools.

Their CLI tools are supported by the big three cloud providers: Amazon Web Services, Azure Cloud, and Google Cloud Platform. In addition, it can be integrated with many popular CI/CD tools, such as GitHub Action, GitLab CI, CircleCI, Bitbucket Pipelines, Atlantis, Jenkins, Azure DevOps, Terraform Cloud, and more.

Pricing Model

Infracost offers a free program with open-source code, cost breakdowns, diffs, CI/CD integration, and has a large community behind it to offer support.

They offer a negotiable Enterprise program supporting multiple teams, a dashboard to centralize analysis and cost management for larger projects. In addition, they also provide the ability to integrate Source Control Management (SCM) enterprise editions of GitHub, GitLab, and BitBucket. It also has a self-hosting option at this tier and dedicated support that can be reached to assist with any issues and use cases.

How Does It Work?

Infracost works by using its Cloud Pricing API backend service. Using the CLI tool, you can parse a Terraform plan in JSON file format. The API then cross-references the individual cost of each cloud resource in use and their related cost parameters based on the cloud provider. The costs returned will give you a monthly approximation of the changes found in your plan.

Infracost will not need any credentials or secret information to perform its functions. It will also not make any alterations to Terraform or to the cloud resources it analyses. Instead, the API uses the count of Terraform resource types, which ensures that new resources are always accounted for, ensuring freshly deployed resources are part of the generated report. If you still have questions about how Infracost works, you can find more information in their frequently updated FAQ.

Installing Infracost

This command will download and install the CLI tool for a Linux machine and place it inside /usr/local/bin

To download, execute:

  curl -fsSL https://raw.githubusercontent.com/infracost/infracost/master/scripts/install.sh | sh

After downloading the CLI, you can get a free API key to start using the tool by executing:

  infracost register

The .yml file with the key is saved at:

  ~/.config/infracost/credentials.yml

From here, no additional configuration is needed in most cases, and both complete breakdowns and differences (diff) between plans can be obtained by using the following commands:

  # Generates a complete breakdown of every modified resource by analyzing the plan file
infracost breakdown --path 
# Shows the difference in costs between current and planned states
infracost diff --path

How We Integrated Infracost to GitLabCI Pipeline at Bluelight

We have been using Infracost internally. However, we ran into an issue using our internal Terraform repository while running it with GitLabCI. As a result, we expected to be able to use our tfstate directly. Unfortunately, Infracost doesn't work with a remote tfstate. And since our tfstate is hosted on a remote S3 bucket, it failed.

To deal with this issue, we needed to add an extra step to our Terraform plan job to produce a plan file in JSON format, which Infracost can read and analyze.

To generate the file, we used the command:

  terraform show -json aws-buckets.tfplan > plan.json

This issue has to do with the current limitation of the tool, where it's unable to scan any remote tfstate. It might be by design, but it adds a problematic extra step to the workflow. Unfortunately, we weren't the first to face this issue. You can read more about it here.

Here’s what our .gitlab-ci.yml looked like and how we fixed this issue:

stages:
- plan
- infracost

.base-terraform: 
 image:   
  name: hashicorp/terraform:0.15.4   
  entrypoint:     
 - /usr/bin/env     
 - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
 before_script:   
  - 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'  
  - 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'    
  - 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'   
  - rm -rf .terraform   
  - terraform --version

.base-infracost: 
 image:   
  name: infracost/infracost:latest    
  entrypoint:      - /usr/bin/env  
 before_script:   
  - 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'   
  - 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'   
  - 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}' 
 script: "/scripts/ci/diff.sh"  
 variables:   
 path: "."   
 post_condition: '{"has_diff": true}'
#  - `'{"has_diff": true}'`: only post a comment if there is a diff. This is the default behavior.
#  - `'{"always": true}'`: always post a comment.

plan/aws:  
  stage: plan 
  extends: .base-terraform 
  script:   
     - cd aws; terraform init -backend-config us-west-2.backend.config; terraform plan -var-file=us-west-2.tfvars -out=aws.tfplan; terraform show -json aws.tfplan > plan.json  
dependencies:   
     - validate/aws 
artifacts:   
    expire_in: 1 day  
    paths:     
      - aws/aws.tfplan    
      - aws/plan.json 
 rules:   
 - if: $CI_COMMIT_BRANCH     
 changes:      
  - aws/*

infracost-job:  
 stage: infracost 
 extends: .base-infracost 
 variables:    
   path: aws/plan.json  
   terraform_plan_flags: -var-file=us-west-2.tfvars 
 dependencies:  
  - plan/aws 
 rules:  
  - if: $CI_COMMIT_BRANCH     
   changes:        
    - aws/*

When our pipeline runs a new change to our TF code, this is what our Pull Requests/Merge Requests are going to output as a comment:

These variables need to be defined in our CI settings:

  GITLAB_TOKEN INFRACOST_API_KEY
# AWS credentials, since we used a s3 bucket for the tfstate
AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION

The Future of Infracost

Infracost ongoing development has a lot in store, such as supporting more resources for AWS, GCP, and Azure Cloud. In addition, while Infracost is currently limited to Terraform, there are already plans to support Pulumi and CloudFormation.

If you wish to learn more about what Infracost has to offer for the future, which resources it will support next, new features planned, bugs fixed, and more, be sure to check their roadmap for the latest updates.

Conclusion

Infracost proved to be an incredible tool to use together with Terraform. It is essential to any DevOps Engineer looking to optimize and understand the costs of changes in infrastructure, deployment of services, and more. However, the tool still has plenty of space to improve. Supporting other cloud providers such as Digital Ocean will be a great addition. Integration with Slack and support for remote tfsstate are on our wish list.

Florian Pialoux's DevOps Blog