Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure that is both secure and cost optimized. It consolidates many of the ad hoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, CosmosDB, PubSub Topic) and are constructed from a vocabulary of filters and actions.
It integrates with the cloud native serverless capabilities of each provider to provide for real time enforcement of policies with built-in provisioning. Or it can be run as a simple cron job on a server to execute against large existing fleets.
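As an added illustration (not taken from the project's own documentation), the policy file below shows both execution styles described above on the EC2 resource type: two pull-mode policies suited to a cron run that enforce a tag policy, and one event-mode policy that Custodian deploys as a Lambda function to enforce volume encryption at launch. The policy names, the tag keys, and the IAM role ARN are placeholders chosen for this example.

```yaml
# Added example; policy names, tag keys and the role ARN are placeholders.
policies:
  # Pull mode: evaluated each time `custodian run` is invoked, e.g. from cron.
  - name: ec2-tag-compliance-mark
    resource: aws.ec2
    description: |
      Mark running instances that lack required tags so that they are
      stopped in four days. The stop itself is done by the next policy.
    filters:
      - "State.Name": running
      - or:
          - "tag:Owner": absent
          - "tag:Environment": absent
    actions:
      - type: mark-for-op
        op: stop
        days: 4

  # Pull mode: acts on instances whose mark from the policy above has come due.
  - name: ec2-tag-compliance-stop
    resource: aws.ec2
    filters:
      - "State.Name": running
      - type: marked-for-op
        op: stop
    actions:
      - stop

  # Event mode: Custodian provisions a Lambda function that is triggered by
  # the CloudTrail RunInstances event, so the check runs as instances launch.
  - name: ec2-unencrypted-volume-on-launch
    resource: aws.ec2
    mode:
      type: cloudtrail
      role: arn:aws:iam::123456789012:role/CustodianLambdaRole  # placeholder
      events:
        - RunInstances
    filters:
      - type: ebs
        key: Encrypted
        value: false
    actions:
      - terminate
```

Check the file with `custodian validate policy.yml`, then use `custodian run --dryrun -s out policy.yml` to see which resources the filters match without executing any actions.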
Cloud Custodian is a CNCF Sandbox project, led by a community of hundreds of contributors.