Unexpected Recreation and Cost Increase of Deleted SQL Database in Azure: Is it a Bug or an Expected Behavior?
I am encountering an issue where a SQL database that I deleted reappeared and caused unexpected high costs on our Azure account.
Background:
- On June 11, my boss asked me to review our Azure bill and remove any unnecessary resources. I am the only person actively using Azure in our company.
- I found a SQL database resource costing $5 per month and deleted it on that day. I saw the deletion completion message.
Issue:
- A week ago, I noticed an extra $200 charge on our Azure cost report. Upon investigation, I found that the SQL database I had deleted was still there and upgraded to a production level service plan.
- After spending some time to understand what happened, it seems that an unused API was attempting to access the SQL database using a SQL connection string with SQL user credentials. This action appears to have caused the SQL server to automatically recreate the SQL database.
- Only after I removed the SQL server, I was able to delete SQL database.
My expected behavior:
- I remove a database and any other resource trying to use it will just stop working.
Questions:
- Expected Behavior or Bug?: Is this automatic recreation of the SQL database expected behavior, or is it a bug? I was under the impression that resource creation required explicit actions via Azure Web Application or Application Registration.
- Cost Discrepancy: We were using a basic level SQL database, which cost $5 per month. How did it turn into a production-level database with significantly higher costs? Is it possible to change this using only SQL Connection String?
Relevant Code:
Program.cs
var sqlConBuilder = new SqlConnectionStringBuilder();
sqlConBuilder.ConnectionString = builder.Configuration.GetConnectionString("SQLDbConnection");
builder.Services.AddDbContext<AppDbContext>(opt => opt.UseSqlServer(sqlConBuilder.ConnectionString));
builder.Services.AddScoped<IUsageRepo, UsageRepo>();
UsageRepo.cs
public class UsageRepo : IUsageRepo
{
private readonly AppDbContext _context;
public UsageRepo(AppDbContext context)
{
_context = context;
}
public async Task CreateUsage(Usage usage)
{
if (usage == null)
{
throw new ArgumentNullException(nameof(usage));
}
await _context.AddAsync(usage);
}
// Other methods...
}
Screenshot of Azure Monitor for deletion logs (There is no log for SQL Database created, after I removed it I can see the database update log with the same database name):
Thank you for your support.
Best regards,
Mert
First of, I'd try to open a Billing Support case and try to lay down your situation to them. Eventually they will waive that costs. But they are the only instance which can help you in this case. Just go to the Azure Portal and Search for support (Billing Support doesn't require a Support Plan). https://azure.microsoft.com/en-us/support/create-ticket/
Coming to the code part, you are using entity framework. IF you run within the model creation Database.CreateIfNotExists(), then indeed your code when you execute will try to create that Database.
I am not 100% sure what the default SKU is, but P1 might be exactly what you were experiencing, right?
When you use the connection string with the SQL Admin user you created on the SQL Server, this user will have the permissions to create a new Database, and as Azure SQL Server supports also Scaling Operations and Database creation via SQL commands it is totally possible to create a database without an action over the Azure Portal. And if I remember correctly, those are not reflected in the activity logs then. Only SQL audit (if enabled). In general it is advisable to use low-privileged users for data operations or use EntraID based authentication here.
TL;DR; expected behavior as your code was creating the database, and if it has the permissions to create one, it will do so.
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- node-fetch azure document translator
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- how to insert json into cosmos db collection using c#
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- How to connect Azure Postgre Server to Google Looker Studio
- Azure SignalR: None of the transports supported by the client are supported by the server