Skip to content

AWS Policies support

Latest
Compare
Choose a tag to compare
@athiruma athiruma released this 27 Sep 17:53
· 684 commits to main since this release
8ad7177

Cloud-Governance 1.1.0

AWS support

This release run policies against AWS account and upload result into ElasticSearch and visualize the result in dedicated Grafana dashboards.
Cloud-Governance 1.1.0 supports Python 3.9 and higher.

Major Feature List

  1. Policies
    1. ec2_idle: Stop the running ec2 instances when CPU < 5%, NetWork < 5Kb, send action alert to user before stopping.
    2. ec2_stop: Delete stopped ec2 instances more than 30 days and create AMI from it and send alert notification to the user.
    3. ebs_unattached: Delete unattached ebs volumes.
    4. tag_resources: Auto tagging AWS resources by an IAM User tags ; EC2, EBS, Snapshot, AMI and *Cluster Resources.
    5. cost_explorer: Fetch cost explorer reports based on daily User tag usage and uploaded to ElasticSearch and visualize in Grafana dashboards.
    6. cost_over_usage: This rule trigger notification to user when over usage.
    7. zombie_cluster_resource: Scan and delete zombie(unused) *Cluster resources.
    8. empty_buckets: delete empty buckets in the s3
    9. empty_roles: Delete the empty roles without policies
    10. zombie_snapshots: Delete the snapshots unused by AMI.
    11. zombie_elastic_ips: Delete elastic_ips which are not associated
    12. zombie_nat_gateways: Delete the NatGateways which are not used.

Note:

  • Cluster Resources
    1. Volumes
    2. Snapshots
    3. AMI
    4. Elastic Load Balancer/ v2
    5. VPC
    6. Subnets
    7. RouteTable
    8. NatGateways
    9. ElasticIps
    10. Security Groups
    11. Network Interfaces
    12. DHCP Options
    13. Roles
    14. User
    15. S3 Bucket
    16. Network ACL
    17. VPC Endpoint
    18. InternetGateway

How to run this polices

podman run --rm --name cloud-governance -e policy='ec2_idle' -e AWS_ACCESS_KEY_ID='$AWS_ACCESS_KEY_ID' -e AWS_SECRET_ACCESS_KEY='$AWS_SECRET_ACCESS_KEY' -e AWS_DEFAULT_REGION='us-east-2' -e dry_run='yes' -e policy_output='s3://bucket/logs' -e log_level='INFO' quay.io/ebattat/cloud-governance

Please report any issues with the release on the issues**