A Watchman for Your Cloud that never sleeps, and it’s free!

Cloud Custodian guard-rail watchman on duty for 24x7x365

Let’s say, the apartment management has hired a watchman to patrol the perimeter at night so everyone staying in the apartment feels secure and goes to sound sleep. What if we could have something similar in the Cloud that would stay as vigilant as watchmen not just during the night but also during the daylight? A watchman that could provide an assurance of detecting an event, prevent a security incident, compensate for the loss of primary controls, recover conditions to normal, and take corrective actions to mitigate the risks.

What if I could say, we are all lucky to have such a watchman with us that can be used in the cloud? This watchman never sleeps and it’s free, you just need to enroll him for this job. Yes, we are talking about the open-source tool called, Cloud Custodian that provides features of guardrails. The Cloud Custodian supports all three cloud providers, AWS, Azure, and GCP. It does not need an agent to be installed, allows you to write your own rules, is inexpensive to run, and the best part of the tool is it is supported by hundreds of contributors from the community.

Cloud Custodian is an open-source project — free to use.

Cloud Custodian is very powerful in identifying when the filters are matched and then taking actions defined in the policy. Organizations have multi-cloud environments with hundreds of accounts and several hundreds of employees working across the globe continuously working on the next big thing. At such speed, it is necessary for the security team to move fast enough to have adequate administrative and technical controls to provide continuous visibility, transparency, security, compliance, and operations-related concerns in the cloud.

Let’s go through some policy examples to understand how Cloud Custodian can help us identify unrestricted security groups, public RDS instances, public Redshift clusters, public S3 buckets, internet-facing ELBs, and many more. You can define actions based on the required outcome: either delete…


Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.

Recommended from Medium


See more recommendations