Cloud Custodian is an open-source tool that provides cloud security, governance, and management.
It enables IT operators to easily define rules for cloud infrastructure, allowing for increased security and reduced costs. It offers a single tool to replace many disparate tools and scripts.
Policies are expressed in YAML and include the type of resource to run the policy against, filters to narrow down the set of resources, and actions to take on the filtered set of resources.
Benefits include active enforcement of compliance policies, cost management, the ability to be run anywhere, and simple domain-specific language.
Other features include arbitrary filtering on resources with nested boolean conditions, the ability to dry run policies, cloud provider native metrics, intelligent cache usage to minimize API calls, and multi-account support.
Cloud Custodian supports AWS, Azure, and GCP public cloud environments. It is currently a project at the Linux Foundation.