CHAPTER 14 Cloud Guardianship

There are times when innovation is the result of having dealt with a crisis. At other times innovation takes place when individuals and businesses have spare capacity and the need for a solution.

One tool that is now extremely popular was developed in response to an organization's increasing security challenges; it offers sophisticated security advantages that can be fully automated and can also help with cost savings.

In this chapter we will look at Cloud Custodian (https://github.com/cloud-custodian/cloud-custodian), a tool open sourced by a UK bank, which we will use to set up AWS policies and to automate the enforcement of those policies. Once the tool is tried and tested and you have a thorough understanding of such policies, you can trust it with the guardianship of your cloud platform infrastructure.

Installing Cloud Custodian

Cloud Custodian was developed by Capital One and has gained deserved popularity over the years. Let's get straight into the process of installing it and look at some of the policies it offers that might help you.

The policies are written in YAML (https://yaml.org), which is the most popular coding language in today's Cloud Native world and is used in several chapters of this book. Cloud Custodian can run from scheduled scripts (using cron jobs, for example) or equally from serverless functions (such as AWS Lambda and other cloud platform serverless equivalents) on the AWS, Azure, and GCP cloud platforms. How you execute the ...
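The following policy file is an added example, not taken from the book or from the Cloud Custodian project. It expresses the same check (running EC2 instances with no `Owner` tag) twice, once for a cron-driven run and once as a scheduled Lambda function; in practice you would keep only one of the two. The policy names, the tag key, the file name and the role ARN are assumptions.

```yaml
# Constructed example: policy names, the Owner tag key, the file name and the
# role ARN are placeholders, not values from the book.
policies:
  # Pull mode (no "mode" block): evaluated each time the CLI runs, for example
  # from a cron entry such as
  #   0 6 * * * custodian run --output-dir /var/log/custodian ec2-owner.yml
  # Add --dryrun to record matching instances without applying the action.
  - name: ec2-missing-owner-cron
    resource: aws.ec2
    filters:
      - "State.Name": running
      - "tag:Owner": absent
    actions:
      # Tag the instance for a later stop instead of stopping it immediately,
      # so owners have a grace period to fix the tagging.
      - type: mark-for-op
        op: stop
        days: 4

  # Serverless mode: "custodian run" deploys this policy as an AWS Lambda
  # function that is triggered on the schedule below.
  - name: ec2-missing-owner-lambda
    resource: aws.ec2
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::123456789012:role/PLACEHOLDER-custodian-role
    filters:
      - "State.Name": running
      - "tag:Owner": absent
    actions:
      - type: mark-for-op
        op: stop
        days: 4
```

The role used in serverless mode needs only the permissions the policy exercises (here, describing and tagging EC2 instances), which keeps the enforcement function itself within least privilege.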
