Harness Cloud Asset Governance: Cloud Custodian & Beyond

What is Cloud Custodian?

Cloud custodian is a widely used open-source cloud management tool backed by CNCF which helps organizations enforce policies and automate actions to enable them achieve a well maintained cloud environment. It operates on the principles of declarative YAML based policies. With support for multiple cloud providers, including AWS, Azure, and Google Cloud, Cloud Custodian enables users to maintain consistent policies and governance practices across diverse cloud environments, making it particularly appealing for organizations embracing a multi-cloud strategy.

‍

Cloud Custodian comes with all the goodness of battle testing by the community & detects and auto remediates issues - it does come with its own set of challenges. Let’s dive into what are the key challenges that organizations run into when leveraging Cloud Custodian at scale to manage their assets.

Challenges with Cloud Custodian

‍

• No GUI: It’s a CLI driven tool only, requiring knowledge of how to create and edit YAML files in the correct syntax.
• Scale: Scaling cloud custodian requires a dedicated team looking into the operational aspects of the infrastructure.
• No Reporting: Without a GUI, there’s not way to provide for centralized visibility of rules and enforcement across stakeholders
• No Security/Governance: There is no ability to apply RBAC, or have audit trails for changes made. 
• Operational Overhead: As with any open source tool, it requires ongoing maintenance, high management overhead, and needs dedicated infrastructure provisioned
• Complex Policies: No ability to provide guidance on rules, or smart policy authoring that allows user to create rules using natural language

‍

How is Harness Cloud Asset Governance different? 

‍

Harness Cloud Asset Governance leverages all of the goodness of Cloud Custodian, such as its comprehensive coverage of governance policy support across cloud providers, while solving for all the challenges that comes with self-hosting Cloud Custodian. 

‍

Harness provides a rich set of preconfigured governance-as-code rules that make it easy to implement out of the box. But who doesn’t like customisation & how do we solve it? 

We leverage our AI Development Assistant (AIDA™) to power Cloud Asset Governance with a natural language interface that eliminates the need to understand YAML syntax to author policies. 

‍

‍

Harness Cloud Asset Governance serves as a fully managed and scalable rule execution engine. This allows you to concentrate on establishing guardrails, while Harness takes care of the intricacies of management overhead. In addition, Cloud Asset Governance provides detailed Role-Based Access Control and Audit trails. This feature empowers you to precisely assign access permissions, determining who has the authority to execute specific policies and in which cloud accounts.

‍

Moreover, Harness includes a user-friendly visual interface, minimizing friction and improving the usability of utilizing Cloud Custodian. This interface streamlines the process of reviewing policy evaluations at any given point in history and provides a clear view of the outcomes of those evaluations.

‍

‍

At times, determining what to execute and understanding how to save costs through policy guardrails can be challenging. Even with contextual knowledge, the question remains: how do we disseminate this understanding throughout the entire team? This is where Out-of-the-Box Recommendations come into play. We conduct policy assessments in the background to pinpoint cost-saving opportunities and present them through the visual interface.

‍

‍

In summary, while Cloud Custodian offers robust cloud management capabilities, it comes with notable challenges, including the absence of a graphical interface, scalability issues, and limitations in reporting and security features. Harness Cloud Asset Governance steps in as a strategic enhancement, retaining the strengths of Cloud Custodian while mitigating its drawbacks.

‍

Harness introduces preconfigured governance-as-code rules, simplifying policy implementation, and distinguishes itself through the integration of AI Development Assistant (AIDA™) for a natural language interface during policy authoring. With a fully managed and scalable rule execution engine, Harness ensures organizations can establish effective guardrails without grappling with operational complexities. The platform's user-friendly visual interface, Role-Based Access Control, and detailed Audit trails contribute to a seamless and efficient governance experience, providing centralized visibility and precise access management. By choosing Harness Cloud Asset Governance, organizations can optimize their cloud governance, overcoming the challenges associated with self-hosting Cloud Custodian while enjoying enhanced customization and usability.

‍

What’s Next?

Transform your path to a well managed cloud with Governance-as-code and try Harness Cloud Asset Governance now to receive automatic recommendations that can save you money, improve compliance, and reduce security risks. Book a demo to learn more!