Cloud-Governance 1.1.0
AWS support
This release runs policies against an AWS account, uploads the results to ElasticSearch and visualizes them in dedicated Grafana dashboards.
Cloud-Governance 1.1.0 supports Python 3.9 and higher.
Major Feature List
- Policies
- ec2_idle: Stop running ec2 instances when CPU < 5%, network < 5Kb; an action alert is sent to the user before stopping.
- ec2_stop: Delete ec2 instances that have been stopped for more than 30 days, create an AMI from them and send an alert notification to the user.
- ebs_unattached: Delete unattached ebs volumes.
- tag_resources: Auto-tag AWS resources using IAM user tags: EC2, EBS, Snapshot, AMI and *Cluster Resources.
- cost_explorer: Fetch Cost Explorer reports based on daily user tag usage, upload them to ElasticSearch and visualize them in Grafana dashboards.
- cost_over_usage: This rule triggers a notification to the user on over-usage.
- zombie_cluster_resource: Scan and delete zombie (unused) *Cluster resources.
- empty_buckets: Delete empty buckets in S3.
- empty_roles: Delete the empty roles without policies
- zombie_snapshots: Delete the snapshots unused by AMI.
- zombie_elastic_ips: Delete elastic_ips that are not associated.
- zombie_nat_gateways: Delete the NatGateways which are not used.
Note: *Cluster Resources are:
- Volumes
- Snapshots
- AMI
- Elastic Load Balancer/ v2
- VPC
- Subnets
- RouteTable
- NatGateways
- ElasticIps
- Security Groups
- Network Interfaces
- DHCP Options
- Roles
- User
- S3 Bucket
- Network ACL
- VPC Endpoint
- InternetGateway
How to run these policies
podman run --rm --name cloud-governance -e policy='ec2_idle' -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" -e AWS_DEFAULT_REGION='us-east-2' -e dry_run='yes' -e policy_output='s3://bucket/logs' -e log_level='INFO' quay.io/ebattat/cloud-governance
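The zombie_snapshots rule and the dry_run='yes' setting from the command above, worked through as an added example (this is not Cloud-Governance source code). It assumes inputs shaped like the EC2 DescribeImages and DescribeSnapshots responses, and it assumes that 'no' is the value that enables deletion; the function names and sample IDs are made up for the illustration.

```python
# Added illustration; not Cloud-Governance source code.
# Inputs mirror the shapes returned by EC2 DescribeImages / DescribeSnapshots.


def snapshots_used_by_amis(images):
    """Collect every snapshot ID referenced by an AMI block device mapping."""
    used = set()
    for image in images:
        for mapping in image.get("BlockDeviceMappings", []):
            snapshot_id = mapping.get("Ebs", {}).get("SnapshotId")
            if snapshot_id:  # ephemeral mappings carry no Ebs key
                used.add(snapshot_id)
    return used


def plan_zombie_snapshots(images, snapshots, dry_run="yes"):
    """Return (snapshot_id, action) pairs for snapshots no AMI references.

    Assumption: only the exact value 'no' plans a deletion. Any other value
    (including a typo or an empty string) falls back to report-only.
    """
    used = snapshots_used_by_amis(images)
    action = "delete" if dry_run == "no" else "report"
    return [(s["SnapshotId"], action)
            for s in snapshots if s["SnapshotId"] not in used]


# Constructed sample data (IDs are made up for this example).
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0001"}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
    ]},
    {"ImageId": "ami-0bbb", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0002"}},
    ]},
]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0001"}, {"SnapshotId": "snap-0002"},
    {"SnapshotId": "snap-0003"}, {"SnapshotId": "snap-0004"},
]

if __name__ == "__main__":
    for snapshot_id, action in plan_zombie_snapshots(SAMPLE_IMAGES, SAMPLE_SNAPSHOTS):
        print(f"{action}: {snapshot_id}")
```

Reviewing the report-only plan before switching dry_run off shows exactly which snapshots a destructive run would remove.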
Please report any issues with the release on the issues page.