Home
Welcome to the cloudcustodian-policies wiki!
• Using Cloud Custodian (a.k.a C7N) for Cloud Governance in AWS
• It is a Python CLI tool that gives you powerful account management capabilities with a simple config file.
• It can help you manage your AWS account using a simple policy config file and time-based or event-based Lambdas.
• Custodian is an open source rules engine for fleet management in AWS.
• A YAML DSL for policies that query resources or subscribe to events, then apply filters and take actions.
• Cloud Custodian will automatically provision event sources and lambda functions.
• Outputs to Amazon S3, Amazon CloudWatch Logs, and Amazon CloudWatch Metrics.
Problem Statement: AWS allows you to build enormous and complex cloud infrastructures in a matter of hours. With the ability to create resources so easily, sometimes it can be hard to manage all those resources.
Solution: Cloud Custodian (a.k.a. C7N) is a simple but powerful tool that can manage it all.
• Drives Behavior Change
• Notifies users in real-time as they do something wrong.
• Drives Compliance
• Security/Access Control, Encryption, Backups, etc.
• Drives Cost Savings
• Off-hours, Monitoring and Garbage Collection of unused and underutilized resources.
- We need to create IAM roles with appropriate permissions
- You will have to edit the role's trust relationship to include the Lambda function. Every policy targets a particular resource type (such as EC2 or S3). Policies are YAML files: to run one, write it in a YAML file and run it.
With the reference of installation steps.
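
The trust-relationship edit mentioned above can be checked before any policy is deployed. The following is an added example (not part of the original wiki or the Cloud Custodian project) that parses a role's trust policy document and reports whether `lambda.amazonaws.com` may assume it, along with any other principals the role trusts; the function names and the sample policy are constructed for illustration.

```python
import json

LAMBDA_SERVICE = "lambda.amazonaws.com"

def _as_list(value):
    # IAM accepts a single string or object wherever it accepts a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(document):
    """Return (lambda_can_assume, findings) for a trust policy JSON string.

    Condition blocks are not evaluated; a wildcard principal is only
    reported when the statement carries no Condition at all.
    """
    allowed = denied = False
    findings = []
    for stmt in _as_list(json.loads(document).get("Statement")):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # statement does not govern role assumption
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        services = _as_list(principal.get("Service"))
        if stmt.get("Effect") == "Deny":
            denied = denied or LAMBDA_SERVICE in services
            continue
        allowed = allowed or LAMBDA_SERVICE in services
        if "*" in _as_list(principal.get("AWS")) and "Condition" not in stmt:
            findings.append("wildcard AWS principal without a Condition")
        for extra in sorted(set(services) - {LAMBDA_SERVICE}):
            findings.append(f"additional service principal trusted: {extra}")
    if denied:
        findings.append("an explicit Deny covers the Lambda service")
    elif not allowed:
        findings.append(f"{LAMBDA_SERVICE} is not trusted by this role")
    return allowed and not denied, findings

# Constructed sample: a role created for EC2 and later extended for Lambda.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
        "Action": "sts:AssumeRole",
    },
})

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE))
```

Any extra principal reported here can assume the same role that the policies run under, so it is worth confirming each one is intended.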