Decoding CNCF Tools [Part 1]: Enforce Cost Savings using Cloud Custodian

Cloud Custodian cuts Cloud Resource wastage with iron-clad policies


Need for Cost Savings in the Cloud

Smart cloud cost management isn't just a nice-to-have; it's the need of the hour. Optimize usage, cut waste, and funnel savings into real innovation. Otherwise, brace yourself for:

  • Budget Overruns

  • Wasted Resources (Money)

  • Inaccurate Budget Forecasts

  • Missed Opportunities to Optimize Costs

Need proof? Basecamp bailed on the cloud after burning $3.2M/year and is now saving $7M over five years.

Cloud isn’t cheap. Manage it, or it manages you.

What is Cloud Custodian?!

Cloud Custodian is an open-source rules engine for cloud management that helps organizations automate governance, security, cost optimization, and compliance policies in real time. It enables cloud administrators to define policies as code in YAML and execute them efficiently.

Why should we bother to use it?!

  • Automate Cost Savings: Stop or terminate unused resources (e.g., shutting down EC2 instances after hours).

  • Enforce Security Policies: Detect and remediate non-compliant configurations.

  • Improve Compliance: Ensure resources follow regulatory and organizational guidelines.

  • Enhance Governance: Manage resource tagging, encryption, and permissions at scale.

  • Multi-Cloud Support: Works with other popular cloud providers (Azure, GCP) in addition to AWS.

Prerequisites for the setup

Set up Cloud Custodian on an AWS EC2 Instance

Consider the following configuration for the instance:

name: cloudcustodian
size: t2.small
key: <Your Key here>

After the instance is created, run the following steps on it:

# Refresh the package index and check that python3 is installed
sudo apt update
python3 --version

# Create a virtual environment
python3 -m venv custodian

# Switch to the virtual environment
source custodian/bin/activate

# Install Cloud Custodian (the c7n package) with pip
pip install c7n


Our objective is to find the AWS instance that carries the tag Custodian and stop that particular instance.

For this, we need to create a YAML file that describes the behavior of the policy.

# Create a yaml file
vi custodian-demo.yml


Next, we write the policy into that file:

policies:
  - name: my-first-policy # Name of the policy
    resource: aws.ec2 # Target resource type: AWS EC2 instances
    filters:
      - "tag:Custodian": present  # Match instances that have a tag with the key "Custodian"
    actions:
      - stop # Stop every instance that matched the filter

If the instance was not tagged when it was created, you can add the tag afterwards with the Manage Tags option for that instance.

Before the policy runs, the instance shows as running in the EC2 dashboard.

To run the Cloud Custodian policy we have just created:

custodian run --output-dir=. custodian-demo.yml

We will get the logs as follows

In the AWS EC2 Console Dashboard, it can be verified that the instance has been stopped.

Our policy to stop AWS instances is functioning as expected.
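A check worth running before the real run, shown here as an added example that is not part of the original post: `custodian run --dryrun --output-dir=. custodian-demo.yml` evaluates the filters without taking the stop action and writes the matched instances to `./my-first-policy/resources.json`. The script below reads that file and reports what a real run would stop; the sample records, instance IDs and the `max_stops` threshold are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path


def load_matches(output_dir, policy_name):
    """Read the instances a policy matched: <output_dir>/<policy_name>/resources.json."""
    return json.loads((Path(output_dir) / policy_name / "resources.json").read_text())


def review(resources, max_stops=5):
    """Split matches by state; flag a run that would stop more than max_stops instances."""
    running, other = [], []
    for inst in resources:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        state = inst["State"]["Name"]
        entry = (inst["InstanceId"], tags.get("Name", ""), state)
        (running if state == "running" else other).append(entry)
    return {"would_stop": running, "not_running": other,
            "within_limit": len(running) <= max_stops}


# Constructed sample records in the shape of EC2 instance descriptions (IDs are made up).
SAMPLE = [
    {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"},
     "Tags": [{"Key": "Custodian", "Value": ""}, {"Key": "Name", "Value": "demo-box"}]},
    {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"},
     "Tags": [{"Key": "Custodian", "Value": "yes"}, {"Key": "Name", "Value": "prod-db"}]},
    {"InstanceId": "i-0000000000000000c", "State": {"Name": "stopped"},
     "Tags": [{"Key": "Custodian", "Value": "yes"}]},
]


def demo():
    """Write SAMPLE where a dry run of my-first-policy would, then review it."""
    with tempfile.TemporaryDirectory() as out:
        policy_dir = Path(out) / "my-first-policy"
        policy_dir.mkdir()
        (policy_dir / "resources.json").write_text(json.dumps(SAMPLE))
        return review(load_matches(out, "my-first-policy"), max_stops=1)


if __name__ == "__main__":
    report = demo()
    for instance_id, name, state in report["would_stop"]:
        print(f"would stop: {instance_id} ({name or 'no Name tag'})")
    for instance_id, name, state in report["not_running"]:
        print(f"matched but {state}: {instance_id}")
    if not report["within_limit"]:
        print("more instances matched than expected; review the tag filter before a real run")
```

Against a real dry run, call `review(load_matches(".", "my-first-policy"))` from the directory where the policy was run.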


Conclusion

Cloud Custodian serves as a powerful asset for organizations aiming to automate and enhance cloud governance. Its ability to unify policy management, optimize costs, and bolster security makes it invaluable. However, potential adopters should be mindful of its limitations, including the absence of a graphical interface and scalability considerations, and plan accordingly to address these challenges.
