Cloud Custodian v0.8.43.1 releases: Rules engine for cloud security

Cloud Custodian

Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure, that’s both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.

Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Cloud Custodian

Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, CosmosDB, PubSub Topic) and are constructed from a vocabulary of filters and actions.

It integrates with the cloud-native serverless capabilities of each provider to provide for real-time enforcement of policies with built-in provisioning. Or it can be run as a simple cron job on a server to execute against large existing fleets.

Engineering the Next Generation of Cloud Governance” by @drewfirment

Features

  • Comprehensive support for public cloud services and resources with a rich library of actions and filters to build policies with.
  • Supports arbitrary filtering on resources with nested boolean conditions.
  • Dry run any policy to see what it would do.
  • Automatically provisions serverless functions and event sources ( AWS CloudWatchEvents, AWS Config Rules, Azure EventGrid, GCP AuditLog & Pub/Sub, etc)
  • Cloud provider native metrics outputs on resources that matched a policy
  • Structured outputs into cloud-native object storage of which resources matched a policy.
  • Intelligent cache usage to minimize api calls.
  • Supports multi-account/subscription/project usage.
  • Battle-tested – in production on some very large cloud environments.

Changelog v0.8.43.1

Azure – add v1 of effective route table filter (#3802)

Install && Use

Copyright 2015-2017 Capital One Services, LLC

Share