30 open-source projects similar to capitalone/cloud-custodian, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cloud Custodian alternative.
Cloud Custodian is an open-source rules engine that uses declarative YAML policies to query, filter, and take automated actions on cloud resources for governance and compliance. It functions as a stateless policy execution engine, where each policy evaluation runs as an independent, idempotent operation without maintaining internal state between runs. Policies are defined using a YAML-based domain-specific language that structures rules as a query-filter-action pipeline. The engine supports dry-run validation, allowing users to simulate policy actions against live resources without applying c
CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses. The system distinguishes itself by transforming complex, nested cloud API responses into flat relational tables, enabling the use of standard SQL for asset querying and analysis. It employs a modular plugin system for data ex
Fog is a Ruby cloud infrastructure SDK that provides a standardized interface for managing compute, storage, and network resources across multiple cloud providers. It utilizes a multi-cloud abstraction layer to translate generic resource requests into provider-specific API calls, unifying infrastructure control through a consistent set of Ruby objects. The project includes a cloud API mocking framework that simulates provider responses and resource behavior in memory. This allows for the testing of infrastructure integration logic without making actual network requests or incurring provider c
Zappa is a deployment tool and orchestrator designed to package and deploy Python web applications to AWS Lambda. It functions as a wrapper and framework that adapts standard Python applications to work with serverless infrastructure and API Gateway events. The project enables the hosting of Python web frameworks on serverless environments without requiring the application to be rewritten. It automates the process of pushing code from local environments to the cloud and manages the lifecycle of these deployments to remove manual server management. Its capabilities include automated infrastru
Terrascan is a static analysis tool designed to evaluate infrastructure-as-code configuration files for security vulnerabilities and compliance violations. By parsing these files into an intermediate representation, it identifies risks before cloud resources are provisioned, serving as a compliance auditor for cloud-native environments. The tool functions as a policy-as-code engine, allowing users to define and enforce custom security rules and industry benchmarks using a specialized query language. It distinguishes itself through its ability to integrate directly into development and deploym
tfsec is a static analysis tool and security scanner for Terraform configuration files. It functions as an infrastructure as code security scanner and compliance linter designed to detect misconfigurations and vulnerabilities across multiple cloud providers before resources are deployed. The tool identifies security risks by analyzing infrastructure code and variable files to evaluate the final state of the environment. It supports custom policy enforcement and allows for the suppression of specific security warnings through inline comments. Its capabilities cover cloud security posture mana
Foreman is a lifecycle infrastructure management platform used for automating the provisioning, configuration, and monitoring of physical, virtual, and cloud servers. It serves as a central hub for managing the entire lifespan of a server, from initial deployment and operating system upgrades to decommissioning and auditing. The platform functions as a hybrid cloud manager and bare-metal provisioning tool, providing a unified interface to control virtual machine lifecycles across diverse hypervisors and public cloud providers. It automates hardware discovery and operating system deployment us
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Awesome Copilot is a comprehensive framework for autonomous software development, providing the infrastructure to orchestrate multi-agent teams and automate complex coding workflows. It functions as a centralized platform for managing AI-driven development, enabling developers to deploy specialized agents that interact with local files, terminal commands, and external APIs to execute end-to-end software delivery tasks. The project distinguishes itself through its focus on governance and extensibility, offering a suite of security controls, policy-based execution guardrails, and audit trails t
Phoenix is a pull-to-refresh UI component and JavaScript gesture library designed for mobile and web views. It provides a reusable interaction pattern that triggers data updates when a user drags the screen downwards. The project features customizable visual indicators and themed animations that react to the state of the pull operation. It includes mechanisms for manual state coordination, allowing external controllers to programmatically trigger or cancel refresh sequences independently of user input. To ensure a smooth user experience, the library integrates with mobile-first views by inte
This is an infrastructure as code tool and serverless deployment orchestrator that provides a shorthand syntax for defining serverless infrastructure. It functions as a framework for transforming concise resource declarations into full AWS CloudFormation templates to automate the provisioning of cloud functions, APIs, and databases. The project distinguishes itself by using a macro-based transformation system to expand simplified resource types into detailed infrastructure components. It includes an automated permission mapping system that translates high-level resource interaction intents in
MLOps-Basics is a collection of implementation guides and blueprints for automating the machine learning lifecycle. It provides practical workflows for managing the transition of models from training to production deployment, focusing on the integration of operational tools into the machine learning pipeline. The project features specific architectural patterns for deploying containerized models using serverless infrastructure and cloud registries. It includes frameworks for tracking large datasets and model artifacts via remote storage, as well as guides for converting models into standardiz
This project is a performance optimizer and resource benchmarker for AWS Lambda. It analyzes the trade-off between execution speed and cost by testing various memory configurations to identify the most cost-effective settings and minimize operational spending. The tool utilizes an AWS Step Functions orchestrator to automate the execution and data collection of multiple function test runs across different power levels. It simulates production workloads by injecting custom static or remote data and using weighted payload distribution to mimic real-world traffic patterns. The suite covers sever
go-cloud is a toolkit of cloud-agnostic libraries that provide portable Go interfaces for interacting with common cloud services. It enables multi-cloud application development by decoupling business logic from specific provider API implementations. The project utilizes a driver-based system to map generic interface calls to vendor-specific requests. This allows applications to switch between different cloud backends for blob storage, relational databases, and asynchronous publish-subscribe messaging without changing the core application code. Beyond storage and messaging, the toolkit includ
Chalice is a framework for building and deploying serverless applications and REST APIs on AWS Lambda using Python. It functions as an infrastructure-as-code generator, mapping application logic and routing definitions directly to cloud compute resources while automating the provisioning and management of the underlying environment. The framework distinguishes itself by analyzing source code to automatically construct the minimum necessary security permissions, ensuring least-privilege access for all deployed functions. It supports modular development through blueprint-based organization and
This repository provides a comprehensive library of code examples for implementing event-driven, serverless backend architectures. It serves as a practical guide for building scalable cloud-native applications that execute logic in isolated environments, triggered by infrastructure events or HTTP requests rather than persistent server processes. The collection demonstrates how to leverage managed infrastructure to automate backend workflows, including the use of asynchronous task queuing to maintain system stability during high traffic. It highlights patterns for secure API hosting, enabling
Vercel is a cloud platform for building, deploying, and scaling web applications. It provides a unified infrastructure that automates the build process by detecting project frameworks and distributing static and dynamic content through a global content delivery network. The platform executes application logic using serverless functions that scale automatically based on real-time traffic demand. The platform distinguishes itself through a centralized AI gateway that proxies requests to multiple model providers, enabling standardized authentication, observability, and cost tracking. It supports
Coroot is an observability platform and Kubernetes performance monitor that utilizes eBPF to automatically collect metrics, logs, and traces without requiring manual code instrumentation. It functions as an OpenTelemetry trace analyzer and an LLM observability gateway, exposing system health data to large language models through the Model Context Protocol. The platform differentiates itself by combining automated root cause analysis and AI-driven diagnostics to investigate performance regressions. It also includes a cloud cost monitoring tool that attributes infrastructure spending to specifi
This project provides the continuous integration infrastructure and end-to-end test orchestration required for the Kubernetes project. It serves as a specialized framework for managing CI pipelines, cloud resource leasing, and repository automation to validate core functionality and API stability. The system differentiates itself through a dedicated cloud resource manager that leases isolated project pools to ensure consistent test environments and a monitoring system that analyzes historical test outcomes to identify regressions and flaky tests. It also includes a GitHub workflow automator u
Up is a deployment tool that transforms any HTTP server into an AWS Lambda function behind API Gateway with a single command, eliminating server management entirely. It provides a unified platform for building and deploying serverless APIs that scale automatically and charge only for actual usage, while supporting Node.js, Go, Python, Java, Crystal, and Clojure runtimes without per-language configuration. The tool automates the generation and management of all required AWS resources—including Lambda, API Gateway, CloudFront, and S3—from a declarative configuration, and can replicate the entir
vibesdk is an agentic software development platform and framework designed to coordinate autonomous agents that write, debug, and refine full-stack applications from natural language. It serves as a cloud-native application orchestrator and an LLM-powered code generation framework that converts prompts into functional code through iterative conversations and multi-phase agent behaviors. The project distinguishes itself by providing a complete toolchain for building AI development platforms. This includes the ability to integrate various model providers, construct custom LLM toolkits, and mana
This repository contains the technical documentation for Knative, providing comprehensive guides and references for deploying serverless workloads and event-driven workflows. It serves as a central resource for configuring request-driven autoscaling, traffic routing, and the building of decoupled systems that trigger actions based on asynchronous events. The documentation is delivered as a searchable static website rendered from Markdown files. This system utilizes versioned document branching and a continuous integration pipeline to automate the building and publishing of technical instructi
Packer is a machine image build tool and multi-platform image orchestrator. It functions as an infrastructure as code image builder that produces identical machine images across multiple platforms from a single source configuration to ensure environment consistency. The tool enables the creation of a golden image pipeline by generating compatible system images for different cloud providers and on-premises hypervisors. It includes an image lifecycle registry to store metadata for tracking the versioning and status of generated images. The system manages the automation of machine image creatio
Nitro is a cross-platform server engine and JavaScript server framework designed to bundle backend code for deployment across diverse cloud providers, edge functions, and serverless environments. It functions as a platform-agnostic backend runtime that translates platform-specific event objects into a standardized request and response format. The project utilizes a file-system based router to map the physical directory structure of the server folder directly to URL endpoints. It employs a build process to generate platform-agnostic bundles, ensuring the same server logic can run across differ
This repository is a technical documentation site and a collection of guides and references for implementing networking, security, and cloud infrastructure services. It functions as a static-site generated portal and a headless content platform, separating source files from the presentation layer to enable flexible rendering. The project utilizes Markdown-based documentation stored in a version-controlled Git repository. It provides specialized technical content including AI platform documentation for building agents and managing inference, a cloud infrastructure guide for DNS and CDN conf
Chalice is a Python development framework for building and deploying serverless applications and REST APIs on AWS. It functions as a microservice tool that automates the deployment of code and infrastructure to AWS Lambda and orchestrates AWS API Gateway to route HTTP requests to specific serverless functions. The framework features an automated system that analyzes source code to generate the minimum required identity and access management permissions. It also provides a command line interface to manage the complete application lifecycle, from project creation and deployment to the removal o
Boto is a Python SDK and API wrapper for Amazon Web Services. It serves as a programmatic interface for managing and automating cloud infrastructure, mapping cloud-side resources to native Python objects and methods. The library provides tools for the programmatic control and orchestration of compute, storage, networking, and database resources. It enables the automation of infrastructure deployments and the management of virtual servers, container services, and serverless functions. Capability areas include identity and access management, cloud monitoring and observability, and the administ
Cloudsploit is a cloud security posture management tool and multi-cloud security auditor. It audits cloud infrastructure for misconfigurations and compliance risks across multiple providers, specifically AWS and Azure, by evaluating resource configurations against a set of security plugins. The project functions as a cloud compliance scanner that maps infrastructure scan results to regulatory frameworks and security policy standards. It also serves as an automated cloud remediation tool, executing corrective actions to fix detected misconfigurations via SDK calls. The system covers resource
karpenter-provider-aws is a Kubernetes node autoscaler and infrastructure provider for AWS. It serves as a node lifecycle manager and cluster cost optimizer that automatically provisions and removes compute instances based on the resource requirements of pending pods. The project distinguishes itself through advanced AWS spot instance orchestration and price-capacity optimized selection to reduce cloud spend. It minimizes costs by consolidating underutilized nodes and prioritizing spot or reserved instances over on-demand capacity, while proactively migrating workloads before cloud provider i