Cloud-governance

Latest version: v1.1.342


1.1.0

AWS support

This release runs *policies* against an AWS account, uploads the results to ElasticSearch, and visualizes them in dedicated Grafana dashboards.
Cloud-Governance 1.1.0 supports Python 3.9 and higher.

Major Feature List

1. Policies
    1. [ec2_idle](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/ec2_idle.py): Stop running EC2 instances when CPU < 5%, network < 5Kb; send an action alert to the user before stopping.
    2. [ec2_stop](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/ec2_stop.py): Delete EC2 instances that have been stopped for more than 30 days, create an AMI from them, and send an alert notification to the user.
    3. [ebs_unattached](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/ebs_unattached.yml): Delete unattached EBS volumes.
    4. [tag_resources](https://github.com/redhat-performance/cloud-governance/tree/main/cloud_governance/aws/tag_cluster): Auto-tag AWS resources using IAM User tags: EC2, EBS, Snapshot, AMI and *Cluster Resources.
    5. [cost_explorer](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/cost_explorer.py): Fetch Cost Explorer reports based on daily User tag usage, upload them to ElasticSearch, and visualize them in Grafana dashboards.
    6. [cost_over_usage](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/cost_over_usage.py): This rule triggers a notification to the user on over-usage.
    7. [zombie_cluster_resource](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/zombie_cluster_resource.py): Scan and delete zombie (unused) *Cluster resources.
    8. [empty_buckets](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/empty_buckets.py): Delete empty S3 buckets.
    9. [empty_roles](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/empty_roles.py): Delete empty roles that have no policies.
    10. [zombie_snapshots](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/zombie_snapshots.py): Delete snapshots that are not used by an AMI.
    11. [zombie_elastic_ips](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/zombie_elastic_ips.py): Delete Elastic IPs that are not associated.
    12. [zombie_nat_gateways](https://github.com/redhat-performance/cloud-governance/blob/main/cloud_governance/policy/aws/zombie_nat_gateways.py): Delete NAT gateways that are not in use.


Note:
* Cluster Resources
1. Volumes
2. Snapshots
3. AMI
4. Elastic Load Balancer/ v2
5. VPC
6. Subnets
7. RouteTable
8. NatGateways
9. ElasticIps
10. Security Groups
11. Network Interfaces
12. DHCP Options
13. Roles
14. User
15. S3 Bucket
16. Network ACL
17. VPC Endpoint
18. InternetGateway

How to run these policies

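```sh
# Run the ec2_idle policy in dry-run mode. The AWS credentials are expanded from
# the calling shell's environment (double quotes; single quotes would pass the literal text).
podman run --rm --name cloud-governance -e policy='ec2_idle' -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" -e AWS_DEFAULT_REGION='us-east-2' -e dry_run='yes' -e policy_output='s3://bucket/logs' -e log_level='INFO' quay.io/ebattat/cloud-governance
```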
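The `ec2_idle` thresholds and the `dry_run` flag from the command above, as an added example that is not the project's own code: it plans actions over a constructed fleet and shows why a destructive policy should fail closed on missing metrics. Assumptions: both thresholds must hold, datapoints are averaged, "5Kb" is read as kilobytes, the owner comes from a `User` tag, and all names (`Instance`, `is_idle`, `plan_ec2_idle`, the action labels) are hypothetical.

```python
from dataclasses import dataclass, field
from statistics import mean

CPU_IDLE_PERCENT = 5.0   # page: CPU < 5%
NET_IDLE_KB = 5.0        # page: "NetWork < 5Kb", read here as kilobytes (assumption)

@dataclass
class Instance:
    instance_id: str
    tags: dict
    cpu_percent: list = field(default_factory=list)  # utilisation datapoints
    network_kb: list = field(default_factory=list)   # traffic datapoints

def is_idle(inst):
    """Idle only when BOTH metrics have data and average below the thresholds."""
    if not inst.cpu_percent or not inst.network_kb:
        return False  # missing metrics: fail closed, never stop on absent data
    return (mean(inst.cpu_percent) < CPU_IDLE_PERCENT
            and mean(inst.network_kb) < NET_IDLE_KB)

def plan_ec2_idle(instances, dry_run="yes"):
    """Return the ordered actions the policy would take; nothing is executed."""
    actions = []
    for inst in instances:
        if not is_idle(inst):
            continue
        owner = inst.tags.get("User")
        if owner is None:
            # Nobody to alert before stopping, so leave the instance (assumption).
            actions.append(("skip_no_owner", inst.instance_id, None))
        elif dry_run != "no":
            # Anything other than an explicit "no" stays report-only.
            actions.append(("report", inst.instance_id, owner))
        else:
            actions.append(("alert", inst.instance_id, owner))  # alert first
            actions.append(("stop", inst.instance_id, owner))   # then stop
    return actions

# Constructed sample fleet (not real data).
FLEET = [
    Instance("i-idle", {"User": "alice"}, [1.2, 0.8, 2.0], [0.4, 1.1, 0.9]),
    Instance("i-busy", {"User": "bob"}, [40.0, 55.0], [900.0, 1200.0]),
    Instance("i-nometrics", {"User": "carol"}),
    Instance("i-untagged", {}, [0.5], [0.1]),
]

if __name__ == "__main__":
    for mode in ("yes", "no"):
        print(mode, plan_ec2_idle(FLEET, dry_run=mode))
```

Comparing the `dry_run="yes"` plan with the `dry_run="no"` plan before enabling enforcement shows exactly which instances would be stopped and who would be alerted.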


Please report any issues with the release on the [issues](https://github.com/redhat-performance/cloud-governance/issues) page.
