cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

  •        487

Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. Custodian can be used to manage AWS accounts by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

https://developer.capitalone.com/opensource-projects/cloud-custodian
https://github.com/capitalone/cloud-custodian

Tags
Implementation
License
Platform

   




Related Projects

cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

  •    Python

Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

CloudQuery - Transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

  •    Go

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery comes with built-in policy packs such as: AWS CIS.

Pulumi - Developer-First Infrastructure as Code

  •    Go

The Pulumi Cloud Native Development Platform is the easiest way to create and deploy cloud programs that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach.

Clouddiscovery - The tool to help you discover resources in the cloud environment

  •    Python

Cloudiscovery helps you to analyze resources in your cloud (AWS/GCP/Azure/Alibaba/IBM) account. Now this tool only can check resources in AWS, but they are working to expand to other providers. The tool consists of various commands to help you understand the cloud infrastructure. It provides a CLI to easily perform desired actions.


regula - Regula checks infrastructure as code templates (Terraform, CloudFormation) for AWS, Azure and Google Cloud security and compliance using Open Policy Agent/Rego

  •    Open

Regula is a tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment. Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, and Google Cloud Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

honeyLambda - honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i

  •    Python

honeyλ allows you to create and monitor fake HTTP endpoints automatically. You can then place these URL honeytokens in e.g. your inbox, documents, browser history, or embed them as {hidden} links in your web pages (Note: honeybits can be used for spreading breadcrumbs across your systems to lure the attackers toward your traps). Depending on how and where you implement honeytokens, you may detect human attackers, malicious insiders, content scrapers, or bad bots. This application is based on Serverless framework and can be deployed in different cloud providers such as Amazon Web Services (AWS), Microsoft Azure, IBM OpenWhisk or Google Cloud (Only tested on AWS; the main function may need small changes to support other providers). If your cloud provider is AWS, it automatically creates HTTP endpoints using Amazon API Gateway and then starts monitoring the HTTP endpoints using honeyλ Lambda function.

aws-lambda-ffmpeg - An S3-triggered Amazon Web Services Lambda function that runs your choice of FFmpeg ๐ŸŽฌ commands on a file ๐ŸŽฅ and uploads the outputs to a bucket

  •    Javascript

An AWS Lambda Event-driven function that resizes videos and outputs thumbnails using FFmpeg. This function is meant for short-duration videos. If you need to transcode long videos, check out AWS Elastic Transcoder. The different platforms have different naming conventions for their services. To simplify this, listed below is a proposed table of generalized terms that are platform-independent.

rdbox - RDBOX is an advanced IT platform for robotics and IoT developers that highly integrates cloud-native and edge computing technologies

  •    Shell

RDBOX is an advanced IT platform for robotics and IoT developers that highly integrates cloud-native and edge computing technologies. Prepare RaspberryPi and AWS or Azure or Google Cloud Platform or Laptop(With Vagrant). Of course, protect the app at all layers of the OSI reference model.

serverless-chrome - ๐ŸŒ Run headless Chrome/Chromium on AWS Lambda (maybe Azure, & GCP later)

  •    Javascript

Serverless Chrome contains everything you need to get started running headless Chrome on AWS Lambda (possibly Azure and GCP Functions soon). Why? Because it's neat. It also opens up interesting possibilities for using the Chrome DevTools Protocol (and tools like Chromeless or Puppeteer) in serverless architectures and doing testing/CI, web-scraping, pre-rendering, etc.

guide - Serverless Guide - An open-source definitive guide to serverless architectures.

  •    

Authored by the community, curated by Serverless, Inc. This is your definitive guide to serverless architectures. Inside, you will find everything you need to know about serverless development and how to be a serverless organization: patterns, best practices, case studies and everything in-between.

gardener - Kubernetes API server extension and controller manager managing the full lifecycle of conformant Kubernetes clusters (Shoots) as a service on AWS, Azure, GCP, and OpenStack

  •    Go

The Gardener implements the automated management and operation of Kubernetes clusters as a service and aims to support that service on multiple Cloud providers (AWS, GCP, Azure, OpenStack). Its main principle is to use Kubernetes itself as base for its tasks. In essence, the Gardener is an extension API server along with a bundle of Kubernetes controllers which introduces new API objects in an existing Kubernetes cluster (which is called Garden cluster) in order to use them for the management of further Kubernetes clusters (which are called Shoot clusters). To do that reliably and to offer a certain quality of service, it requires to control the main components of a Kubernetes cluster (etcd, API server, controller manager, scheduler). These so-called control plane components are hosted in Kubernetes clusters themselves (which are called Seed clusters).

terratag - Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources

  •    HCL

Terratag is brought to you with โค๏ธ  by Let your team manage their own environment in AWS, Azure and Google. Governed by your policies and with complete visibility and cost management. Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.

lambda-the-terraform-way - AWS Lambda using Terraform., an Introductory Cookbook

  •    Markdown

The objective of this tutorial is to understand AWS Lambda in-depth, beyond executing functions, using Terraform. This tutorial walks through setting up Terraform, dependencies for AWS Lambda, getting your first Lambda function running, many of its important features & finally integrating with other AWS services. Terraform will be the primary medium of demonstrating all these examples. Terraform is an infrastructure as code software that helps in managing resources in cloud, by various providers like AWS, GCP, Azure etc., Terraform enables creation of infrastructure by writing code in a declarative form.

infracost - Cloud cost estimates for Terraform in pull requests๐Ÿ’ฐ๐Ÿ“‰ Love your cloud bill!

  •    Go

Infracost shows cloud cost estimates for infrastructure-as-code projects such as Terraform. It helps DevOps, SRE and developers to quickly see a cost breakdown and compare different options upfront. Docker and Windows users see here.

Mist - Open source multi-cloud management platform

  •    Python

Mist is an open source platform for managing heterogeneous computing infrastructure, aka a Multi-Cloud Management Platform. The managed computing resources may be running on any combination of public clouds, private clouds, hypervisors, bare metal servers, container hosts. Mist provides a unified way to operate, monitor & govern cloud resources. The mission statement of the Mist platform is to help commoditize computing by alleviating vendor lock-in.

Kong - The Microservice API Gateway

  •    Lua

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.

crossplane - An Open Source Multicloud Control Plane

  •    Go

Crossplane is an open source multicloud control plane. It introduces workload and resource abstractions on-top of existing managed services that enables a high degree of workload portability across cloud providers. A single crossplane enables the provisioning and full-lifecycle management of services and infrastructure across a wide range of providers, offerings, vendors, regions, and clusters. Crossplane offers a universal API for cloud computing, a workload scheduler, and a set of smart controllers that can automate work across clouds. Crossplane presents a declarative management style API that covers a wide range of portable abstractions including databases, message queues, buckets, data pipelines, serverless, clusters, and many more coming. It’s based on the declarative resource model of the popular Kubernetes project, and applies many of the lessons learned in container orchestration to multicloud workload and resource orchestration.

corral - ๐ŸŽ A serverless MapReduce framework written for AWS Lambda

  •    Go

Corral is a MapReduce framework designed to be deployed to serverless platforms, like AWS Lambda. It presents a lightweight alternative to Hadoop MapReduce. Much of the design philosophy was inspired by Yelp's mrjob -- corral retains mrjob's ease-of-use while gaining the type safety and speed of Go. Corral's runtime model consists of stateless, transient executors controlled by a central driver. Currently, the best environment for deployment is AWS Lambda, but corral is modular enough that support for other serverless platforms can be added as support for Go in cloud functions improves.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.