My Cloud Custodian implementation experience at a VC funded startup. I can’t recommend this open source project.
Cloud Custodian is an open-source CNCF policy-as-code tool for managing and protecting cloud resources. It supports AWS, Azure, GCP, Kubernetes, and other cloud providers. Cloud Custodian can be used to:
- Enforce security and compliance policies
- Optimize costs
- Automate resource management
- Monitor and report on cloud environments
As one of the DevRel staff at CelerData (we’re an open source OLAP database and a Linux Foundation project), we do a lot of deployments for testing and content writing, so we need a way to track who does what and which resources we need to keep vs. delete.
So my basic requirement was simply to mark AWS resources that should be tagged with Owner and Project, and then also to auto-tag them.
1st issue: Quickstart doesn’t give you enough info
https://cloudcustodian.io/getting-started/policyStructure/. The quickstart is broken, or at least incomplete (the website was last generated 7 months ago). I tried to contribute, but the documentation website uses RST and it isn’t easy to edit on GitHub.
Anyhow, to get it working… https://github.com/cloud-custodian/cloud-custodian/issues/9027
2nd issue: Marking AWS Resources
https://cloudcustodian.io/docs/aws/examples/tagcompliance.html. Some examples use c7n_status, but when I run the example it uses maid_status. I wish this were explained, but whatever.
3rd issue: Auto tagging entries with Owner
https://github.com/cloud-custodian/cloud-custodian/issues/8989. I just couldn’t get it to work at all.
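For reference, here is what the two policies from the 2nd and 3rd issues look like when written out: a pull-mode policy that marks EC2 instances missing Owner or Project tags (setting the mark tag explicitly, since mark-for-op otherwise defaults to maid_status), a matching policy that only acts on resources already marked, and a cloudtrail-mode policy that tags the creating IAM principal as Owner. This is an added example, not from the post or the project docs; the role ARN and account id are placeholders you must replace.

```yaml
policies:
  # 1) Find instances missing the required tags and mark them for a stop in 4 days.
  #    "tag:" is set explicitly so the marker is c7n_status rather than the default maid_status.
  - name: ec2-mark-untagged
    resource: aws.ec2
    filters:
      - or:
          - "tag:Owner": absent
          - "tag:Project": absent
    actions:
      - type: mark-for-op
        tag: c7n_status
        op: stop
        days: 4
      - type: notify            # optional; needs c7n_mailer to deliver
        to:
          - cloud-team@example.com   # constructed address
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/123456789012/custodian-mailer  # placeholder
        subject: "EC2 instances missing Owner/Project tags"

  # 2) Only act on instances whose c7n_status marker has come due.
  #    The tag name here must match the one used above, or nothing is ever selected.
  - name: ec2-stop-marked
    resource: aws.ec2
    filters:
      - type: marked-for-op
        tag: c7n_status
        op: stop
    actions:
      - stop

  # 3) Auto-tag Owner at creation time from the CloudTrail RunInstances event.
  #    Runs as a Lambda; the role must be assumable by Lambda and allowed to tag EC2.
  - name: ec2-auto-tag-owner
    resource: aws.ec2
    mode:
      type: cloudtrail
      role: arn:aws:iam::123456789012:role/custodian-lambda   # placeholder
      events:
        - RunInstances
    filters:
      - "tag:Owner": absent
    actions:
      - type: auto-tag-user
        tag: Owner
```

Validate with `custodian validate policy.yml` before running; a `--dryrun` of policies 1 and 2 shows which instances would be marked and which would be stopped without touching them.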
In all 3 issues, I created GitHub issues and also chatted on Slack. I still haven’t gotten a resolution.
Overall, it’s just a horrible experience for someone new to using this project. At the very least, the most common use cases and quickstarts should just work. It’s also really, really hard to contribute to the documentation. It’s just a struggle. I really can’t recommend this open source project at all.