steampipe-mod-aws-thrifty
cloud-custodian
steampipe-mod-aws-thrifty | cloud-custodian | |
---|---|---|
4 | 32 | |
93 | 5,219 | |
- | 0.6% | |
6.6 | 9.5 | |
about 1 month ago | 7 days ago | |
HCL | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
steampipe-mod-aws-thrifty
-
Cutting down AWS cost by $150k per year simply by shutting things off
2 - https://github.com/turbot/steampipe-mod-aws-thrifty
-
Steampipe – Select * from Cloud;
I feel your pain - but Steampipe won't solve this (yet). We have AWS Thrifty [1] to scan your env for cost savings and other tables to query your spend [2], but haven't tackled the 1.8GB of pricing JSON data into a table yet.
1 - https://hub.steampipe.io/mods/turbot/aws_thrifty
-
Open source AWS Dashboards: Visualize your AWS assets & security reports; 100+ dashboards out of the box; Build your own with HCL & SQL.
AWS Thrifty mod: includes over 40 cost saving controls to assess where you can optimize your spend on AWS: https://hub.steampipe.io/mods/turbot/aws_thrifty
-
What are common cost savings checks for thrifty AWS operations?
I have scripted 25 checks for different cost savings/waste discovery opportunities on AWS based on issues I have seen in the past: https://github.com/turbot/steampipe-mod-aws-thrifty
cloud-custodian
-
Cutting down AWS cost by $150k per year simply by shutting things off
> The best optimization is simply shutting things off
This is the way.
A similar idea has been bouncing around in my mind for a while now. An ideal, turnkey system would do the following:
- Execute via Lambda (serverless).
- Support automated startup and shutdown of various AWS resources on a schedule influenced by specially formatted tags.
- Enable resources to be brought back up out of schedule when demand dictates.
- Operate as a TCP/HTTP proxy that can delay clients so that a given service can be started when it is dormant or, even better, the service isn't serverless but you want it to be. This can't work for everything, but perhaps enough things such that the need to run always on services is reduced.
Cloud Custodian [1] can purportedly do some of this, but I've been reluctant to learn yet another YAML-based DSL to use it.
So this is my "make things designed to be always-on serverless instead" project and the work AWS has done to make Java apps function on Lambda keeps me thinking about the potential to take things that 1) have a relatively long startup time and 2) are designed to be long running service loops, and find a way to force them into the serverless execution model.
[1] https://cloudcustodian.io/
-
When have you screwed up, bad?
Goal was to clear up anything old and set us up to rotate keys in use. Why did I do it in the end of December? It was a quarterly goal and I learned to push those across the line if I wanted a good review. Great incentive, that one. I used Cloud Custodian for this. It has a terrible bug where the code says you'll be acting on days since the key was used but actually is reading days since it was created.
-
Open-Source tools for monitoring ML/AI usage- Recommendations?
What is wrong with https://github.com/cloud-custodian/cloud-custodian?
-
Automate deletion of aws ebs snapshots older than year
You can start reading about it here.
-
Optimizing cost on an app which is not used 24/7
Use a tool like this https://cloudcustodian.io/ to manage instance on/off hours or go fargate.
-
Going for the CCP with a Compliance background. Any insight on what direction to pursue in AWS?
Certs aside, there are some great compliance tools out there that you might want to become familiar with. Here is one that comes to mind (is open-source): https://cloudcustodian.io/
- What are some of the community's best recommendations and use cases for Cost Optimization and FinOps
-
EC2 start and stop via Lambda
I'd use a combination of Cloudcustodian for start/stop scheduling and Apprise for notifications.
-
Tag Enforcement
Cloud custodian is a good utility if config rules doesn’t satisfy your needs. It’s also cross platform.
-
26 AWS Security Best Practices to Adopt in Production
AWS Security with open source – Cloud Custodian is a Cloud Security Posture Management (CSPM) tool. CSPM tools evaluate your cloud configuration and identify common configuration mistakes. They also monitor cloud logs to detect threats and configuration changes.
What are some alternatives?
steampipe-mod-azure-compliance - Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, and more across all of your Azure subscriptions using Powerpipe and Steampipe.
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
steampipe-mod-aws-compliance - Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
ScoutSuite - Multi-Cloud Security Auditing Tool
steampipe-samples - Examples, samples, snippets and scripts to use with Steampipe.
steampipe - Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
better-sql - Generate sql query from a concise query syntax inspired from EdgeDB and GraphQL
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
steampipe-plugin-sdk - Steampipe Plugin SDK is a simple abstraction layer to write a Steampipe plugin. Plugins automatically work across all engine types including the Steampipe CLI, Postgres FDW, SQLite extension and the export CLI.
fixinventory - Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.
steampipe-mod-aws-perimeter - Is your AWS perimeter secure? Use Powerpipe and Steampipe to check your AWS accounts for public resources, resources shared with untrusted accounts, insecure network configurations and more.
cloudquery - The open source high performance ELT framework powered by Apache Arrow