I'm new to Azure and trying to get my head around Application Insights. I'm looking to understand if there are any potential cost risks or security vulnerabilities related to using it. Specifically, I'm curious about things like:
- Could logging excessive data unexpectedly increase my costs?
- Are there misconfigurations that could expose sensitive information, such as personally identifiable information (PII), API keys, or request payloads?
- Do features like dependency tracking, live metrics, or custom telemetry come with hidden drawbacks?
- What should I know about data ingress and egress security tiers?
I'm hoping to learn from those who have hands-on experience so I can avoid pitfalls when implementing it in real projects. Any insights would be appreciated!
5 Answers
I learned the hard way about logging costs, especially with open telemetry and dependency tracking. It racked up a huge bill by logging millions of entries daily. I eventually turned off excessive logging but ended up with an €800 bill before I did! Now, I keep logging to a minimum unless it’s for important processes, and I only log in debug mode for less critical areas to reduce clutter. It's also important to ensure no sensitive information is being logged to comply with GDPR requirements.
Yes, there are definitely risks and trade-offs to keep in mind. If you're concerned about costs, it's smart to set up budget alerts to avoid surprises. I've used Application Insights in production for several projects, and it can add up! You can find more detailed info on potential issues in the Azure documentation.
Our Application Insights bills exceed a million dollars a year; it’s the largest component of our cloud expenses, so yes, costs can get out of hand!
Yikes! It sounds like careful monitoring of usage is essential if you're hitting those kinds of figures.
Invest some time to learn about adaptive sampling; it’s a real game changer. Testing in a non-production environment is crucial, so you don’t lose valuable telemetry data in production later on.
Make sure to secure Application Insights with Entra authentication. A lot of people overlook this step. Disabling local auth and assigning proper roles to your app metrics publisher can help prevent unauthorized access and potential misuse of your instrumentation key, which could lead to spammy traffic in your Application Insights.
Wow, that's a hefty price tag! With expenses like that, it might be worth exploring dedicated APM solutions like Datadog or Dynatrace instead.