Cloud Custodian is an open source governance as code tool that companies can use to manage and automate enforcement of cloud security, compliance, operations, and cost optimization policies through code.
It was created at Capital One in 2016 by Kapil Thangavel and then contributed to the CNCF Sandbox in August 2020. Earlier this week the CNCF voted to accept the project at the incubation level.
“Cloud Custodian is fast becoming the de facto standard for cloud governance, enabling teams to go faster and alleviate the burdens of developing ad hoc scripts,” said Thangavelu, who is now the CTO at Stacklet. “Cloud Custodian’s real-time notification and remediation capabilities are helping DevSecOps and FinOps teams drive behavioral change and improve awareness of best practices among application teams. As we take our next steps into incubation with CNCF, I’m beyond excited to work with the community to continue the adoption of Cloud Custodian and add new capabilities such as Kubernetes controller integration and policy validation against IaaC code.”
Since being donated to the CNCF, the project has been downloaded over 100 million times. It is used by companies such as HBO Max, Intuit, JP Morgan Chase & Co, and Zapier.
Many of the updates to the project over the last year have been focused on project sustainability. Upcoming features to expect include governance updates, full ARM64 support, and signing Docker images through a new automated release process.