Technology · Ebook

Cloud Custodian: Governance as Code

by Shriira Press

4.7 (510) · 176 pages · Published 2026

Cloud Custodian is an open-source rules engine for cloud governance — define policies as simple YAML and have them automatically enforced across your cloud accounts. This free book teaches it from the ground up: the cloud governance problem (waste, security misconfigurations, compliance drift, poor tagging) and what Custodian does, the problems it solves in depth, how it works (the rules engine, cloud APIs, multi-cloud support, execution modes), the policy structure (resources, filters, actions), filters in depth (value filters, tags, boolean logic, special filters), actions and remediation (the graduated-action pattern, safe remediation), execution modes (on-demand, scheduled, event-driven serverless), cost and tagging governance, security and compliance enforcement, and operating Custodian at organizational scale. Ten focused chapters with clear diagrams that turn cloud governance from an unwinnable manual chase into automated, scalable, code-driven practice across AWS, Azure, and GCP.

Contents

  1. Preface
  2. Chapter 1 — What Cloud Custodian Is
  3. Chapter 2 — The Governance Problems It Solves
  4. Chapter 3 — How Cloud Custodian Works
  5. Chapter 4 — The Policy Structure
  6. Chapter 5 — Filters in Depth
  7. Chapter 6 — Actions and Remediation
  8. Chapter 7 — Execution Modes
  9. Chapter 8 — Cost and Tagging Governance
  10. Chapter 9 — Security and Compliance Enforcement
  11. Chapter 10 — Operating Cloud Custodian in Practice