Some custodian policies to use in FinOps monitoring
My Custodian Article: https://felipekiko.medium.com/cloud-precisamos-falar-de-limites-parte-1-b048a11c1dc5
All examples have an AWS CloudFormation template that creates an SNS topic, so you can test your notification and check that your policy executed successfully. The message is delivered in an unreadable format (zlib-compressed, then base64-encoded).
You can decompress the text using zlib and base64 libraries, as in this Python example:
import base64, zlib
zlib.decompress(base64.b64decode(msg))
Some online tools can do this too, e.g. "http://www.unit-conversion.info/texttools/compress", but be careful: the message contains sensitive data, such as your AWS Account ID.
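To keep the Account ID off third-party sites, the decoding can be done locally and the result masked before it is shared. The script below is an added example, not code from this repository; the size cap, the `decode_notification` and `redact_account_ids` helpers and the sample message with its field names are assumptions made for illustration.

```python
import base64
import binascii
import json
import re
import zlib

MAX_DECODED_BYTES = 5 * 1024 * 1024  # assumed cap against decompression bombs
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")  # AWS account IDs are 12 digits


def decode_notification(msg: str) -> dict:
    """Decode a base64 + zlib notification body into the JSON it carries."""
    try:
        raw = base64.b64decode("".join(msg.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("message is not valid base64") from exc
    inflater = zlib.decompressobj()
    try:
        data = inflater.decompress(raw, MAX_DECODED_BYTES)
    except zlib.error as exc:
        raise ValueError("message is not zlib data") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("payload is truncated or exceeds the size cap")
    return json.loads(data)


def redact_account_ids(value, mask="<ACCOUNT_ID>"):
    """Return a copy with every 12-digit run in string values masked."""
    if isinstance(value, dict):
        return {k: redact_account_ids(v, mask) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_account_ids(v, mask) for v in value]
    if isinstance(value, str):
        return ACCOUNT_ID_RE.sub(mask, value)
    return value


# Constructed sample, not captured output; field names are assumptions.
SAMPLE = {
    "account_id": "123456789012",
    "region": "us-east-1",
    "policy": {"name": "example-policy"},
    "resources": [{"VolumeId": "vol-0example",
                   "Arn": "arn:aws:ec2:us-east-1:123456789012:volume/vol-0example"}],
}
SAMPLE_MSG = base64.b64encode(zlib.compress(json.dumps(SAMPLE).encode())).decode()

if __name__ == "__main__":
    print(json.dumps(redact_account_ids(decode_notification(SAMPLE_MSG)), indent=2))
```

The mask replaces any standalone 12-digit run, so it may also hide unrelated numeric values of that length; for sharing a message outside the account that over-masking is the safer side to err on.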
If you want to send notifications by email or another channel, I recommend looking at C7N-Mailer: https://github.com/cloud-custodian/cloud-custodian/tree/master/tools/c7n_mailer
This policy checks whether you have disks in your account that are not attached. The CFN file creates 2 disks and 1 SNS topic to send the default notification.
This policy checks whether you have unassociated Elastic IPs. The CFN file creates 2 EIPs and 1 SNS topic to send the default notification.
This policy checks whether you have ECS with low CPU utilization. You can configure your own thresholds by changing the instance age in days and the CPU percentage. The CFN file creates 1 EC2 instance and 1 SNS topic to send the default notification, but to test your policy you need to adapt it, changing the days to 0.
This policy checks whether you have Load Balancers (Application, Network and Classic) with low utilization. You can configure your own thresholds by changing the instance age in days and the request count. The CFN file creates 1 Classic Load Balancer, 1 Application Load Balancer, 1 Network Load Balancer and 1 SNS topic to send the default notification, but to test your policy you need to adapt it, changing the days to 0.
This policy checks whether you have RDS instances with low CPU utilization. You can configure your own thresholds by changing the instance age in days and the CPU percentage. The CFN file creates 1 RDS instance with a SubnetGroup and 1 SNS topic to send the default notification, but to test your policy you need to adapt it, changing the days to 0.
This policy checks whether you have disks that are underutilized. The CFN file creates 1 instance with 1 disk and 1 SNS topic to send the default notification. To test it, you need to comment out the age of the disk and decrease the value of the threshold.
This policy checks whether you have Redshift clusters with low CPU utilization. You can configure your own thresholds by changing the instance age in days and the CPU percentage. The CFN file creates 1 Redshift instance with a SubnetGroup and 1 SNS topic to send the default notification, but to test your policy you need to adapt it, changing the days to 0.
This policy checks whether you have snapshots that are not associated with any EC2 instance. There is no CFN file, but you can use the "Underutilized Amazon EBS Volumes" template to create one and then create a snapshot.
- EBS storage on wrong tier
- Instances with wrong families
- Older Snapshots
- Amazon Route 53 Latency Resource Record Sets
- Amazon EC2 Reserved Instance Lease Expiration
- Amazon EC2 Reserved Instances Optimization
Cloud Custodian: https://cloudcustodian.io/
AWS CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide