26 lines (20 loc) · 1.05 KB

Multi-Cloud Inventory & Compliance Checker

This tool collects resources from AWS, GCP, and Azure, evaluates compliance rules, and reports violations.

Features

Multi-cloud discovery (EC2, S3, IAM; GCP Compute, Storage; Azure VMs, Storage)
Compliance engine with YAML-defined rules
Slack alerts, JSON reports, Prometheus metrics
Runs as Kubernetes CronJob

Setup

Configure cloud credentials (see below)
Edit config.yaml with your accounts/projects
Build Docker image: docker build -t multi-cloud-inventory .
Deploy to Kubernetes using manifests in k8s/ or Terraform in terraform/

Credentials

AWS: Use IAM roles (if running in EKS) or access keys (via env vars). Required permissions: ReadOnlyAccess.
GCP: Set GOOGLE_APPLICATION_CREDENTIALS or provide path in config. Required roles: Compute Viewer, Storage Object Viewer.
Azure: Use DefaultAzureCredential (supports environment variables, managed identity). Required roles: Reader.

Metrics

Prometheus metrics exposed on port 8000 if enabled.

License

MIT