@cloudon-one

Cloudon-one

Tailored AWS & GCP Cloud Infra and DevOps Solutions

CloudOn Infrastructure Management Suite

A comprehensive suite of tools and configurations for managing multi-cloud infrastructure, with a focus on cost optimization, security, and automation.

📚 Repository Links

  • FinOps - Cost optimization and resource management tools
  • SecOps - Infrastructure validation and instant security checks
  • Multi-Cloud - Landing zone infrastructure for AWS and GCP
  • KubeLaunch - Comprehensive Kubernetes platform

🎯 Solutions Overview

The suite consists of four main components:

  1. FinOps & Cost Management

    • GCP Organization Recommender for cost optimization
    • AWS Resource Cleanup for unused resource management
    • Infrastructure cost tracking and analysis
  2. SecOps & Infra Pipelines

    • Automated validation and security checks
    • Cost impact analysis
    • Security scanning for containers, IAM, RDS, storage and more
  3. Multi-Cloud Landing Zone

    • AWS and GCP infrastructure management
    • Network architecture and security controls
    • Database and Kubernetes infrastructure
  4. Kubernetes Platform (KubeLaunch)

    • Complete platform infrastructure
    • Service mesh and observability
    • GitOps and automation tools

🏗️ Architecture Components

FinOps Tools

GCP Organization Recommender

  • Monitors GCP recommendations using Recommender API
  • Identifies idle resources and right-sizing opportunities
  • Delivers Slack notifications for cost optimization
  • Serverless implementation using Cloud Functions

AWS Resource Cleanup

  • Automated cleanup of unused AWS resources
  • Multi-region support
  • Email notifications via SES
  • Safety features including dry-run mode and tag-based preservation

Infrastructure Pipeline

  • Pre-Commit Phase

    • GitGuardian secrets scanning
    • Threat modelling
    • Code quality checks
  • Validation Phase

    • Terraform validation
    • TFSec security analysis
    • Infracost analysis
  • Security Scanning

    • Container security
    • Kubernetes security
    • Multi-cloud security controls

Landing Zone Structure

AWS Organization

  • Management OU
  • Network Account
  • Shared-Services Account
  • Security OU
  • Production/Development OUs

GCP Organization

  • Root
    • Admin
    • Shared Environment
    • Production
    • Development
    • Staging

Kubernetes Platform

  • Core Platform

    • Certificate management
    • DNS automation
    • Secrets management
    • Node provisioning
  • Service Mesh

    • Istio
    • Kong API Gateway
    • Jaeger tracing
  • Observability

    • Loki stack
    • Kubecost
    • Custom monitoring

🚀 Prerequisites

Required Tools

  • Terraform >= v1.5.0
  • Terragrunt >= v0.60.0
  • AWS CLI
  • GCP SDK
  • kubectl
  • Helm v3.x

Cloud Provider Setup

# AWS Setup
aws configure

# GCP Setup
gcloud auth application-default login

🔑 Security & Compliance

Multi-Cloud Security Controls

  • IAM and RBAC configurations
  • Network security and encryption
  • Audit logging and monitoring
  • Compliance framework support

Kubernetes Security

  • Private clusters
  • Network policies
  • Service mesh encryption
  • Secrets management with Vault

📊 Monitoring & Observability

  • Cost monitoring with Kubecost
  • Log aggregation using Loki
  • Distributed tracing with Jaeger
  • Infrastructure metrics and alerting

🔧 Maintenance

Regular Tasks

  1. Component version updates
  2. Resource utilization review
  3. Cost optimization checks
  4. Security patch management
  5. Backup procedures

State Management

# AWS State Backup
terragrunt state pull > backup.tfstate

# GCP State
# Managed in GCS buckets with regional distribution

📝 Contributing

  1. Fork the repository
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

🤝 Support

For support:

  • Open an issue in the repository
  • Contact cloud platform teams
  • Review documentation

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

Popular repositories

  1. FinOps-Guardian Public

    AWS & GCP FinOps Tools

    Python 21 1

  2. k8s-platform-tools Public template

    Essential k8s platform tools and configuration examples

    HCL 1

  3. multi-cloud-runway Public template

    Ready-made "landing zone" solution that sets up multi-account cloud environments, complete with networking, IAM, security, and best-practice guardrails—powered by Terraform/Terragrunt.

    HCL 1

  4. secureops Public template

    A turnkey CI/CD pipeline that integrates pre-commit checks, security scanning, and infrastructure validation—ensuring your code is compliant and production-ready before it hits the main branch.

    Dockerfile 1

  5. DevSecOps Public

    Forked from sottlmarek/DevSecOps

    Ultimate DevSecOps library

  6. .github Public

Repositories

Showing 10 of 11 repositories
  • .github Public
    0 MIT 0 0 0 Updated Jan 27, 2025
  • secureops Public template

    A turnkey CI/CD pipeline that integrates pre-commit checks, security scanning, and infrastructure validation—ensuring your code is compliant and production-ready before it hits the main branch.

    Dockerfile 1 MIT 0 0 0 Updated Jan 21, 2025
  • multi-cloud-runway Public template

    Ready-made "landing zone" solution that sets up multi-account cloud environments, complete with networking, IAM, security, and best-practice guardrails—powered by Terraform/Terragrunt.

    HCL 1 MIT 0 0 0 Updated Jan 21, 2025
  • FinOps-Guardian Public

    AWS & GCP FinOps Tools

    Python 21 MIT 1 0 0 Updated Jan 21, 2025
  • kubelaunch-essentials Public

    A preconfigured Kubernetes environment with Terragrunt-based automation, service mesh, and observability baked in—ready to deploy in minutes.

    HCL 0 MIT 0 0 0 Updated Jan 21, 2025
  • aws-terraform-modules Public template

    List of opinionated AWS Terraform modules

    HCL 0 MIT 0 0 0 Updated Jan 12, 2025
  • opensearch-monitoring Public

    Reusable OpenSearch Monitoring configs

    Python 0 MIT 0 0 0 Updated Dec 27, 2024
  • k8s-platform-tools Public template

    Essential k8s platform tools and configuration examples

    HCL 1 MIT 0 0 0 Updated Oct 29, 2024
  • k8s-platform-modules Public

    Kubernetes Essentials Terraform Modules

    HCL 0 MIT 0 0 0 Updated Oct 27, 2024
  • k8s-resources Public

    List of selected k8s related articles and diagrams

    0 0 0 0 Updated Oct 2, 2024
