Contributing back to the Open Source Community

We have all heard about the term “Open Source”. This refers to the code that is either written by an individual or group of people or community and made available to the public to access for free. The code is available for anyone to view and modify under the open-source license agreement. One such project that is very popular among the cloud governance community is Cloud Custodian from Capital One. In this blog, we will discuss what Cloud Custodian does, associated components, and how we use it and contribute back to the community.

What is Cloud Custodian?

Cloud Custodian is Python-based and has many scripts, tools, and capabilities all in one application. It is a rule engine where you can write policy definitions in YAML. This enables an organization to manage their public cloud resources by writing policies for cost savings, exploring asset tagging, compliance, security, operations-related concerns, and resource inventory. Cloud Custodian supports AWS, Azure, and GCP Cloud Providers.

Open Source | Python-based | Agentless | Serverless | Governance-as-Code | Real-Time Guard Rail | Visibility | Powerful Cloud Security Management Tool

The first step is to write the simple YAML DSL policy that allows you to define the rules that include the resource type, filters, mode, and actions. The below command will deploy the Cloud Custodian policy as a Lambda function. custodian run -s . policy.yml –assume arn:aws:iam::123456:role/c7n

--

--

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT
Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Written by Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.