
Cloud Custodian (c7n)
Cloud Custodian: A Rules Engine for Cloud Management
Cloud Custodian, also referred to as c7n, is a rules engine designed for managing public cloud accounts and their associated resources.
It enables users to establish policies that facilitate a well-managed cloud infrastructure, which is both secure and cost-effective.
It consolidates many of the ad hoc scripts that organizations have into a lightweight and flexible tool, featuring unified metrics and reporting.
Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies, such as encryption and access requirements, as well as tag policies. It also aids cost management through garbage collection of unused resources and by managing resources during off-hours. Custodian additionally supports running policies against infrastructure-as-code assets, providing feedback directly on developer workstations or within CI pipelines.
Policies in Custodian are written in straightforward YAML configuration files, allowing users to specify policies for different resource types (such as EC2, ASG, Redshift, CosmosDB, and PubSub Topic). These policies are constructed using a vocabulary of filters and actions.
It integrates with the cloud-native serverless capabilities of each provider to enable real-time enforcement of policies, accompanied by built-in provisioning.
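A policy file showing the filter/action vocabulary and the serverless mode described above, as an added example that is not taken from this page or from the Cloud Custodian project. The policy names, the `Owner` and `custodian_downtime` tag keys, the hours and the IAM role ARN are assumptions to be replaced with your own values.

```yaml
# Added illustration: names, tag keys, hours and the role ARN are assumptions.
policies:
  # Encryption requirement, enforced in real time: the policy is provisioned
  # as a Lambda function triggered by the CloudTrail CreateBucket event.
  - name: s3-require-default-encryption
    resource: aws.s3
    mode:
      type: cloudtrail
      role: arn:aws:iam::111111111111:role/EXAMPLE-custodian-role  # placeholder
      events:
        - CreateBucket
    filters:
      # Match buckets that have no default encryption configured.
      - type: bucket-encryption
        state: false
    actions:
      - type: set-bucket-encryption
        crypto: AES256

  # Tag policy: running instances without an Owner tag are marked to be
  # stopped four days later, giving owners time to fix the tag.
  - name: ec2-missing-owner-tag
    resource: aws.ec2
    filters:
      - "State.Name": running
      - "tag:Owner": absent
    actions:
      - type: mark-for-op
        op: stop
        days: 4

  # Cost management: stop opted-in instances at 19:00 Eastern time.
  - name: ec2-stop-off-hours
    resource: aws.ec2
    filters:
      - type: offhour
        tag: custodian_downtime
        default_tz: et
        offhour: 19
    actions:
      - stop
```

Check the file with `custodian validate policy.yml`, then use `custodian run --dryrun -s out policy.yml` to see which resources the filters match without executing any action.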