02-10-2025 05:42 PM - edited 02-10-2025 05:50 PM
Effective cloud cost management is crucial for organizations seeking to optimize spending while maintaining high performance. This article explores how Prisma Cloud customers can leverage custom RQLs to proactively identify and manage cloud cost optimization and performance improvements.
By integrating these custom policies into a Cost Optimization Compliance Standard, organizations can detect non-compliant resources, trigger alerts, and streamline the handling of policy violations. This approach empowers cloud teams to address inefficiencies promptly, collaborate with compliance teams, and drive effective remediation. The following sections outline key strategies and technical benefits that underpin this cost optimization framework.
The workflow involves three simple steps:
Step 1: Create a Custom Compliance Standard and name it Cost Optimization. Then, click on the compliance standard and add the compliance requirement and compliance section. Once you complete creating custom policies as described in Step 2, map this compliance standard with the cost optimization policies.
Figure 1: Custom_Compliance_PaloAltoNetworks
Step 2: Create Custom RQLs as defined in the technical summary section to monitor each resource specifically—for example, EC2 instances, Load Balancers, EBS volumes, etc. Prisma Cloud monitors cloud resources for any violations against all the policies mapped to the Cost Optimization Compliance Standard.
Figure 2: Custom_Policy_PaloAltoNetworks
Once created, combine the custom policies into a compliance standard.
As seen in the image below, there are seven custom policies created for monitoring cost optimization, all grouped under the compliance standard Cost Optimization.
Figure 3: Alerts_tab_PaloAltoNetworks
Step 3: Create Alert Rules specific to the compliance standard, as shown in the screenshot below, to separate cost optimization alerts for remediation accordingly.
Figure 4: Alert_Rules_PaloAltoNetworks
Once the alert rule is created, navigate to the Alerts Overview section and verify that alerts have been triggered for the custom policies. Simply add the Cost Optimization filter, and it should display the triggered alerts.
Figure 5: Alerts_Tab_PaloAltoNetworks
This approach to cost optimization workflows is underpinned by the following key strategies and technical benefits:
Resource Efficiency: Identify unused or underutilized cloud resources, such as unattached Elastic IPs, dormant EC2 instances, and detached EBS volumes. By targeting these inefficiencies, teams eliminate unnecessary costs while maintaining optimal operational performance.
Enhanced Security and Compliance: By integrating Prisma Cloud’s monitoring capabilities, customers can ensure that their cloud workloads meet both organizational policies and industry best practices. This reduces the attack surface by addressing security risks associated with unused or misconfigured resources, such as unpatched instances or exposed IPs.
Improved Workload Performance: Legacy resources, such as older EC2 instance types and outdated storage configurations, are upgraded to modern, cost-efficient alternatives. This results in optimized workloads that leverage advanced infrastructure features, reducing operational latency and ensuring scalability.
Comprehensive Cost Visibility: Prisma Cloud provides detailed insights into cost trends and non-compliance issues across Prisma Cloud customers' cloud estates. These insights allow teams to prioritize remediation efforts, ensuring a continuous cycle of optimization and compliance improvement.
Streamlined Remediation Workflows: By automating alerts for policy violations and integrating them into compliance workflows, Prisma Cloud customers minimize the time to resolution for identified issues. This leads to quicker cost recovery and improved governance across cloud environments.
The combination of these strategies with Prisma Cloud’s advanced capabilities has enabled Prisma Cloud customers to achieve a dual benefit: substantial cost savings and enhanced workload performance. This translates to improved business outcomes and an optimized cloud environment, setting a benchmark for IT management excellence.
Technical Summary of Each Use Case
List of Use Cases
config from cloud.resource where api.name = 'aws-ec2-elastic-address' AND (json.rule = instanceId does not exist AND json.rule = associationId does not exist)
config from cloud.resource where api.name = 'aws-ec2-describe-volumes' and json.rule = volumeType equals "gp2"
config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = '$.tags[*].key does not equal aws:eks:cluster-name and $.state.name equals running and $.networkInterfaces[0].ownerId is member of (AWS_Sandbox_account_Ids) and _DateTime.ageInDays($.launchTime) > 7'
config from cloud.resource where api.name = 'aws-ec2-describe-volumes' and json.rule = attachments is empty
config from cloud.resource where api.name = 'aws-ec2-describe-volumes' and json.rule = volumeType equals "io1"
config from cloud.resource where api.name = 'aws-elb-describe-load-balancers' and json.rule = instancesAttached is false
config from cloud.resource where cloud.service = 'Amazon EC2' AND api.name = 'aws-ec2-describe-instances' AND json.rule = instanceType starts with "c3" or instanceType starts with "c4" addcolumn instanceType
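To make explicit what each of the seven queries above matches, the following added Python example (not Prisma Cloud's or the author's code) restates their conditions as predicates and runs them over constructed resource JSON. The rule labels, the sample resources and the sandbox account ID are assumptions, and the EKS tag check encodes the presumed intent of skipping any instance that carries the aws:eks:cluster-name tag.

```python
from datetime import datetime, timezone

# Assumption: stands in for the AWS_Sandbox_account_Ids placeholder in the RQL.
SANDBOX_ACCOUNTS = {"111111111111"}

def sandbox_long_running(r, now):
    # Assumed intent: skip any instance that carries the EKS cluster tag.
    tag_keys = {t.get("key") for t in r.get("tags", [])}
    nics = r.get("networkInterfaces") or [{}]
    age_days = (now - datetime.fromisoformat(r["launchTime"])).days
    return ("aws:eks:cluster-name" not in tag_keys
            and r.get("state", {}).get("name") == "running"
            and nics[0].get("ownerId") in SANDBOX_ACCOUNTS
            and age_days > 7)

# (hypothetical label, api.name, predicate), in the order the queries appear.
RULES = [
    ("unassociated-eip", "aws-ec2-elastic-address",
     lambda r, now: "instanceId" not in r and "associationId" not in r),
    ("gp2-volume", "aws-ec2-describe-volumes", lambda r, now: r.get("volumeType") == "gp2"),
    ("sandbox-instance-over-7-days", "aws-ec2-describe-instances", sandbox_long_running),
    ("unattached-volume", "aws-ec2-describe-volumes", lambda r, now: not r.get("attachments")),
    ("io1-volume", "aws-ec2-describe-volumes", lambda r, now: r.get("volumeType") == "io1"),
    ("elb-without-instances", "aws-elb-describe-load-balancers",
     lambda r, now: r.get("instancesAttached") is False),
    ("c3-c4-instance", "aws-ec2-describe-instances",
     lambda r, now: r.get("instanceType", "").startswith(("c3", "c4"))),
]

def evaluate(resources, now):
    """Map each resource id to the labels of the rules it matches."""
    out = {res["id"]: [label for label, api, pred in RULES
                       if api == res["api"] and pred(res["json"], now)]
           for res in resources}
    return {rid: hits for rid, hits in out.items() if hits}

# Constructed sample resources (not real Prisma Cloud output).
NOW = datetime(2025, 2, 10, tzinfo=timezone.utc)
RUNNING = {"state": {"name": "running"}, "launchTime": "2025-01-20T00:00:00+00:00",
           "networkInterfaces": [{"ownerId": "111111111111"}]}
SAMPLE = [
    {"id": "eip-1", "api": "aws-ec2-elastic-address", "json": {"publicIp": "203.0.113.10"}},
    {"id": "vol-1", "api": "aws-ec2-describe-volumes",
     "json": {"volumeType": "gp2", "attachments": []}},
    {"id": "i-eks", "api": "aws-ec2-describe-instances",
     "json": {**RUNNING, "instanceType": "m5.large", "tags": [{"key": "aws:eks:cluster-name"}]}},
    {"id": "i-old", "api": "aws-ec2-describe-instances",
     "json": {**RUNNING, "instanceType": "c4.large", "tags": [{"key": "Name"}]}},
]
```

Calling `evaluate(SAMPLE, NOW)` shows that one resource can trip several policies at once, which is why grouping them under a single compliance standard keeps the resulting alerts together.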
As you can see in the screenshot, multiple assets have been identified, and if remediated appropriately, these resources could lead to cost savings along with performance enhancements.
Figure 6: Compliance_Tab_PaloAltoNetworks
Prisma Cloud not only strengthens security but also plays a pivotal role in optimizing cloud costs and enhancing operational performance. By leveraging custom RQLs, organizations have achieved significant savings, improved resource utilization, and reinforced their cloud security posture. Continuous monitoring and proactive remediation ensure alignment with best practices, enabling a scalable and high-performance cloud environment.
Additionally, Prisma Cloud has been instrumental in identifying inefficiencies within AWS infrastructures, helping organizations refine their Cloud Cost Optimization (CCO) strategies. By addressing wasteful practices, outdated services, and underutilized resources, Prisma Cloud empowers customers to drive sustainable cost savings while maintaining operational excellence.
Raqeeb Iliyas is a cybersecurity engineer specializing in cloud operations, performance monitoring, and compliance. With expertise in Prisma Cloud, he helps organizations optimize cloud costs, enhance security, and ensure regulatory compliance.