Autore Topic: Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources  (Letto 135 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Flavio58

Advertisement
Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources


Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
Custodian can be used to manage AWS accounts by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, etc) and are constructed from a vocabulary of filters and actions.
It integrates with AWS Lambda and AWS Cloudwatch events to provide for real time enforcement of policies with builtin provisioning of the Lambdas, or as a simple cron job on a server to execute against large existing fleets.

 
Features
  • Comprehensive support for AWS services and resources (> 100), along with 400+ actions and 300+ filters to build policies with.
  • Supports arbitrary filtering on resources with nested boolean conditions.
  • Dry run any policy to see what it would do.
  • Automatically provisions AWS Lambda functions, AWS Config rules, and Cloudwatch event targets for real-time policies.
  • AWS Cloudwatch metrics outputs on resources that matched a policy
  • Structured outputs into S3 of which resources matched a policy.
  • Intelligent cache usage to minimize api calls.
  • Battle-tested - in production on some very large AWS accounts.
  • Supports cross-account usage via STS role assumption.
  • Supports integration with custom/user supplied Lambdas as actions.
  • Supports both Python 2.7 and Python 3.6 (beta) Lambda runtimes

 
Quick Install
$ virtualenv --python=python2 custodian
$ source custodian/bin/activate
(custodian) $ pip install c7n
 
Usage
First a policy file needs to be created in YAML format, as an example:
policies:
- name: remediate-extant-keys
  description: |
    Scan through all s3 buckets in an account and ensure all objects
    are encrypted (default to AES256).
  resource: s3
  actions:
    - encrypt-keys

- name: ec2-require-non-public-and-encrypted-volumes
  resource: ec2
  description: |
    Provision a lambda and cloud watch event target
    that looks at all new instances and terminates those with
    unencrypted volumes.
  mode:
    type: cloudtrail
    events:
        - RunInstances
  filters:
    - type: ebs
      key: Encrypted
      value: false
  actions:
    - terminate

- name: tag-compliance
  resource: ec2
  description: |
    Schedule a resource that does not meet tag compliance policies
    to be stopped in four days.
  filters:
    - State.Name: running
    - "tag:Environment": absent
    - "tag:AppId": absent
    - or:
      - "tag:OwnerContact": absent
      - "tag:DeptID": absent
  actions:
    - type: mark-for-op
      op: stop
      days: 4
Given that, you can run Cloud Custodian with:
# Validate the configuration (note this happens by default on run)
$ custodian validate policy.yml

# Dryrun on the policies (no actions executed) to see what resources
# match each policy.
$ custodian run --dryrun -s out policy.yml

# Run the policy
$ custodian run -s out policy.yml
Custodian supports a few other useful subcommands and options, including outputs to S3, Cloudwatch metrics, STS role assumption. Policies go together like Lego bricks with actions and filters.
Consult the documentation for additional information, or reach out on gitter.
 
Get Involved
Mailing List - https://groups.google.com/forum/#!forum/cloud-custodian
Gitter - https://gitter.im/capitalone/cloud-custodian
 
Additional Tools
The Custodian project also develops and maintains a suite of additional tools here https://github.com/capitalone/cloud-custodian/tree/master/tools:
Salactus
Scale out s3 scanning.
Mailer
A reference implementation of sending messages to users to notify them.
TrailDB
Cloudtrail indexing and timeseries generation for dashboarding
LogExporter
Cloud watch log exporting to s3
Index
Indexing of custodian metrics and outputs for dashboarding
Sentry
Log parsing for python tracebacks to integrate with https://sentry.io/welcome/



Source: Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources


Consulente in Informatica dal 1984

Software automazione, progettazione elettronica, computer vision, intelligenza artificiale, IoT, sicurezza informatica, tecnologie di sicurezza militare, SIGINT. 

Facebook:https://www.facebook.com/flaviobernardotti58
Twitter : https://www.twitter.com/Flavio58

Cell:  +39 366 3416556

f.bernardotti@deeplearningitalia.eu

#deeplearning #computervision #embeddedboard #iot #ai

 

Related Topics

  Oggetto / Aperto da Risposte Ultimo post
0 Risposte
124 Visite
Ultimo post Luglio 05, 2018, 04:14:59 am
da Flavio58
0 Risposte
63 Visite
Ultimo post Settembre 20, 2018, 10:03:21 am
da Flavio58
0 Risposte
98 Visite
Ultimo post Settembre 25, 2018, 02:03:10 pm
da Flavio58
0 Risposte
20 Visite
Ultimo post Agosto 14, 2019, 06:14:16 pm
da Ruggero Respigo
0 Risposte
3 Visite
Ultimo post Gennaio 09, 2020, 06:37:59 pm
da Flavio58

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326