Cloud Custodian DocumentationΒΆ
Cloud Custodian is a tool that unifies the dozens of tools and scripts most organizations use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for clouds infrastructure. It integrates tightly with serverless runtimes to provide real time remediation/response with low operational overhead.
Organizations can use Custodian to manage their cloud environments by ensuring compliance to security policies, tag policies, garbage collection of unused resources, and cost management from a single tool.
Cloud Custodian can be bound to serverless event streams across multiple cloud providers that maps to security, operations, and governance use cases. Custodian adheres to a compliance as code principle, so you can validate, dry-run, and review changes to your policies.
Cloud Custodian policies are expressed in YAML and include the following:
The type of resource to run the policy against
Filters to narrow down the set of resources
Actions to take on the filtered set of resources
Navigate below to your cloud provider and get started with Cloud Custodian!
- Getting Started
- Configuring Azure Policies
- Examples
- Advanced Usage
- Azure Reference
- Azure Execution Modes
- Azure Common Actions
- Azure Common Filters
- AI + Machine Learning resources
- Active Directory resources
- Alerts Management resources
- Analytics resources
- Backup and Recovery resources
- Compute resources
- Containers resources
- Cost resources
- Databases resources
- Events resources
- Generic resources
- Integration resources
- Internet Of Things resources
- ML resources
- Media resources
- Monitoring resources
- Network resources
- Networking resources
- Resource Group resources
- Security resources
- Storage resources
- Subscription resources
- Web resources
- c7n-org: Multi Account Custodian Execution
- c7n-mailer: Custodian Mailer
- Custodian policies for Infrastructure Code
- Custodian Kubernetes Support
- cask: easy custodian exec via docker
- c7n-log-exporter: Cloud watch log exporter automation
- c7n-trailcreator: Retroactive Resource Creator Tagging
- c7n-policystream: Policy Changes from Git
- OmniSSM - EC2 Systems Manager Automation
- c7n-guardian: Automated multi-account Guard Duty setup
- c7n-salactus: Distributed Scale out S3 processing