Cloud Automation & Savings Handler (CASH)

CASH is a self-service tool for deploying and managing Cloud Custodian policies. Our default policies are intended to help you manage finances and operations within AWS. We offer 15 policies in our library now, but you are free to add any more custodian policies as you see fit. You can also pitch new policies to the Cloud Governance Council if you believe it would help out other teams at Pearson.

Installation

Download the zipped folder from the PCM downloads page. Unzip, 'cd' into the directory, and follow the README instructions to set up your virtual environment. You must have Python 3 and aws-runas installed. You must also have PCMPowerUser access in your account in order to use CASH.

Running CASH

  1. List policies
    ./cash.sh list-policies
  2. Get config
    Running this command will have CASH pull a list of Cloud Custodian Lambdas in each region in your account. Once it pulls the configuration, CASH will open up the file for you modify as you see fit before you run the deploy-config command. aws-runas is required in order to get an existing configuration of custodian Lambdas in an account. aws-runas my-profile ./cash.sh get-config
  3. Deploy config
    Running this option will have CASH deploy Cloud Custodian policies in your account corresponding with the configuration file. See sample-config.yml for guidance on how to write this config file. If you don't use the -f flag with a config file, CASH will use config.yml by default. aws-runas is required in order to deploy a new configuration of custodian Lambdas to your account. If you use the all-regions keyword, any resources under that region will be deployed into every region. See sample-config.yml as an example.
    aws-runas my-profile ./cash.sh deploy-config
  4. Optional flags
  5. Use -h to bring up the help menu for more clarity.
  6. Use -f with a file path to use that as your config file for saving results (using get-config) or deploying new Lambdas (using deploy-config). If this flag isn't set, CASH will use config.yaml by default.
    aws-runas my-profile ./cash.sh deploy-config -f deploy-this-config.yaml
  7. Use the boolean flag -d when running deploy-config to delete any custodian Lambdas in the account that weren't included in the config file. Any custodian Lambdas required by Cloud Governance will not be deleted.
    aws-runas my-profile ./cash.sh deploy-config -d

More Information

For more information, including how to create exceptions and a comprehensive policy list, check out CASH's Neo page.