Cloud Governance
What is it?
The Cloud Governance tool provides a lightweight and flexible framework for deploying cloud management policies that focus on cost optimization and security.
This tool supports the following policies:
Real-time OpenShift cluster cost and user cost
instance_idle: EC2 instances idle in the last 4 days (CPU < 2% and network < 5mb).
ec2_run: running ec2.
ebs_unattached: volumes that are not attached to an instance (volume in available status).
ebs_in_use: in use volumes.
tag_resources: Update cluster and non-cluster resource tags, fetched from the user tags or from the mandatory tags
zombie_cluster_resource: Delete a cluster's zombie resources
tag_non_cluster: Tag EC2 resources (instance, volume, AMI, snapshot) by instance name
tag_iam_user: Update the user tags from the CSV file
cost_explorer: Get data from Cost Explorer and upload it to Elasticsearch
ip_unattached: Get the unattached IPs and delete them after 7 days.
s3_inactive: Get the inactive/empty buckets and delete them after 7 days.
empty_roles: Get the empty roles and delete them after 7 days.
zombie_snapshots: Get the zombie snapshots and delete them after 7 days.
nat_gateway_unused: Get the unused NAT gateways and delete them after 7 days.
gitleaks: Scan a GitHub repository for leaked secrets with gitleaks (security scan)
cost_over_usage: Send mail to the AWS user when their cost exceeds the usage limit
tag_baremetal: Tag IBM bare-metal machines
tag_vm: Tag IBM virtual machines
** You can write your own policy using Cloud-Custodian and run it (see ‘custom cloud custodian policy’ in Policy workflows).
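A report-only Cloud Custodian policy file in the spirit of instance_idle and ebs_unattached, as an added example that is not taken from the cloud-governance project. The policy names, the single 4-day averaging window, and the reading of "5mb" as 5 MiB of NetworkIn and of NetworkOut summed over that window are assumptions.

```yaml
# Added example, not the project's own policy file.
# Neither policy has an "actions" block, so matches are only reported.
policies:
  - name: example-instance-idle        # hypothetical policy name
    resource: aws.ec2
    description: Running instances with low CPU and network use in the last 4 days.
    filters:
      - "State.Name": running
      # Average CPU below 2 percent over the window.
      - type: metrics
        name: CPUUtilization
        statistics: Average
        days: 4
        period: 345600                 # one datapoint covering all 4 days
        op: less-than
        value: 2
      # Assumption: "5mb" means 5 MiB (5242880 bytes) per direction.
      - type: metrics
        name: NetworkIn
        statistics: Sum
        days: 4
        period: 345600
        op: less-than
        value: 5242880
      - type: metrics
        name: NetworkOut
        statistics: Sum
        days: 4
        period: 345600
        op: less-than
        value: 5242880

  - name: example-ebs-unattached       # hypothetical policy name
    resource: aws.ebs
    description: Volumes in available status with no attachments.
    filters:
      - State: available
      - Attachments: []
```

Running the file with `custodian run -s <output-dir> <policy-file>` writes the matching resources to the output directory for review before any cleanup is decided.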
Reference:
The cloud-governance package is available on PyPI
The cloud-governance container image is available on Quay.io
- Installation
- Configuration
- Run AWS Policy Using Podman
- Run IBM Policy Using Podman
- How to auto tag your account?
- Run Policy Using Pod
- Pytest
- Post Installation