News

Capital One Open Sources AWS Resource Management Tool

• By David Ramel
• 04/25/2016

More known for financial services than cloud development tools, Capital One Services, LLC has nevertheless open sourced its Cloud Custodian tool for managing AWS cloud computing and storage resources.

"Cloud Custodian is a rules engine for AWS resource management," the project's GitHub site states. "It allows users to define policies to be enforced to enable a well-managed cloud, with metrics and structured outputs. It consolidates many of the ad hoc scripts organizations have into a lightweight and flexible tool."

The multi-faceted tool can help organizations enforce real-time policies via built-in provisioning by integrating with existing AWS tools such as Lambda and CloudWatch, or it can be used "isomorphically" to interact with all account resources, the project description says.

Capital One said the tool was developed to provide just one open source offering in order to unify the many separate tools and scripts used by many organizations to manage their AWS accounts.

Among use cases listed in its documentation are: stop Elastic Compute Cloud (EC2) instances from using unapproved Amazon Machine Images (AMI); garbage collect unattached Elastic Block Store (EBS); encrypt all Simple Storage Service (S3) objects; and many more.

"Custodian uses a flexible query language for filtering resources to a particular subset that allows for compound querying," the documentation states. "This essentially allows you to filter for things like instances with EBS volumes that are not set to delete on instance termination or stopped instances. This filtering can take into account external data sources. It also provides for resource specific actions around deletion, stopping, starting, encryption, tagging, etc."

While development first started on the tool last July, according to TechCrunch, leading to the open source announcement at the recent AWS Summit in Chicago, Capital One plans on continuing to improve it.

"We want to continue adding additional AWS resource support to Custodian," the documentation states. "We also plan on adding features like active tag value validation and additional custom filters for resources. Our long-term goal is to add additional cloud providers (for example, Azure and Google) if there is interest."