Capital One Services, LLC is better known for its financial services than for cloud development tools. However, the company has open-sourced its Cloud Custodian tool for managing AWS cloud computing and storage resources.
The project’s GitHub page states that Cloud Custodian “is a rules engine to manage AWS resources.” It lets users define policies that are then enforced to keep a cloud environment well managed, with metrics and structured outputs included. It consolidates many of the ad-hoc scripts organizations rely on into a lightweight, flexible tool.
The multi-faceted tool is designed to help organizations enforce policies in real time through built-in provisioning. It can integrate with existing AWS tools such as CloudWatch and Lambda, or it can be used “isomorphically” to interact with all account resources.
Capital One stated that the tool was created to be an open-source offering and to unify the different tools and scripts that organizations use to manage their AWS accounts.
It lists several use cases, including: stopping Elastic Compute Cloud (EC2) instances from using unapproved Amazon Machine Images (AMIs); garbage collection of unattached Elastic Block Store (EBS) volumes; encrypting all Simple Storage Service (S3) objects; and many others.
The documentation states that Custodian uses a flexible language to filter resources down to a target subset. This allows for compound querying: for example, you can filter for instances with EBS volumes that aren’t set to delete on instance termination. External data sources can also be taken into account when filtering. Custodian can then apply resource-specific actions such as deleting, stopping, starting, encrypting, tagging and so on.
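The compound query described above, as an added Python illustration; it is not Cloud Custodian's code or its policy syntax. The field names follow the shape of an EC2 DescribeInstances response, while the sample records, instance IDs and the filter dictionary format are constructed for this example.

```python
# Constructed sample records shaped like EC2 DescribeInstances output (not real data).
def _inst(iid, state, *delete_flags):
    return {"InstanceId": iid, "State": {"Name": state},
            "BlockDeviceMappings": [{"Ebs": {"DeleteOnTermination": f}}
                                    for f in delete_flags]}

INSTANCES = [
    _inst("i-constructed01", "running", True, False),  # one volume would be orphaned
    _inst("i-constructed02", "running", True),         # all volumes cleaned up
    _inst("i-constructed03", "stopped", False),        # wrong state for this query
    _inst("i-constructed04", "running"),               # no EBS volumes at all
]

def values_at(node, path):
    """Return every value reached by a dotted path, fanning out across lists."""
    if isinstance(node, list):
        return [v for item in node for v in values_at(item, path)]
    if not path:
        return [node]
    if not isinstance(node, dict):
        return []
    key, _, rest = path.partition(".")
    return values_at(node[key], rest) if key in node else []

def matches(record, flt):
    """Evaluate a filter: and/or/not blocks, or a key/value leaf (hypothetical format)."""
    if "and" in flt:
        return all(matches(record, f) for f in flt["and"])
    if "or" in flt:
        return any(matches(record, f) for f in flt["or"])
    if "not" in flt:
        return not matches(record, flt["not"])
    # A leaf matches if ANY value on the path equals the target; an instance
    # with no volumes yields no values and therefore never matches.
    return any(v == flt["value"] for v in values_at(record, flt["key"]))

def select(instances, query):
    """Return the IDs of the instances that satisfy the query."""
    return [i["InstanceId"] for i in instances if matches(i, query)]

# Running instances with at least one EBS volume that survives termination.
QUERY = {"and": [
    {"key": "State.Name", "value": "running"},
    {"key": "BlockDeviceMappings.Ebs.DeleteOnTermination", "value": False},
]}

if __name__ == "__main__":
    print(select(INSTANCES, QUERY))
```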
According to TechCrunch, initial development of the tool began in July and led to the open-source announcement at AWS Summit Chicago. Capital One plans to continue to improve the tool.
The documentation states: “We want to continue to add additional AWS resource support for Custodian. We also plan to add features such as active tag value validation, and additional custom filters on resources. If there is interest, our long-term goal will be to add cloud providers (e.g. Azure and Google).”