This post will discuss two popular open-source tools for managing and optimizing AWS resources, including cost savings: Cloud Custodian and Steampipe. We will compare and contrast their features, approach, language, and extensibility to help you choose the tool that best fits your team's skills and requirements for optimizing your AWS infrastructure.
Cloud Custodian vs. Steampipe: Features Comparison
The following table compares the main features of Cloud Custodian and Steampipe. While the table format shows the presence or absence of specific features, it does not fully capture the differences in purpose and approach between the two tools. We will discuss those aspects in more detail in the following sections.
Purpose and Approach
Cloud Custodian is a flexible and policy-driven tool for managing AWS resources, ensuring compliance, and optimizing costs. Its primary focus is enforcing policies and rules across AWS accounts, indirectly leading to cost savings by removing or modifying unused or underutilized resources. Cloud Custodian uses a declarative approach, with policies written in YAML, to define rules and actions to manage resources. It automatically takes actions based on the defined policies, which can help in cost optimization.
On the other hand, Steampipe is a CLI tool that queries cloud resources using SQL, allowing you to explore, understand, and manage your cloud infrastructure. Its primary focus is making it easy to query and analyze resources, enabling you to identify potential cost savings opportunities. Unlike Cloud Custodian, Steampipe does not take action automatically: after identifying cost-saving measures with SQL queries, you must implement them manually.
Language and Ease of Use
Cloud Custodian uses a YAML-based domain-specific language for writing policies. There is a learning curve to understanding the syntax and structure of policies. However, once you become familiar with the language, you can create robust policies to manage your AWS resources effectively.
Steampipe uses SQL, a widely known and used language, to query resources. This makes adopting it easier for those familiar with SQL and relational databases. With a broad range of SQL query examples available for different use cases, it is simple to start analyzing and managing your AWS resources using Steampipe.
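To make the contrast concrete, the following is an added example, not taken from the original post or from either project's repository: a set of Cloud Custodian policies that mark unattached EBS volumes, give owners a grace period, and then delete them, with the read-only Steampipe query for the same resources shown in the comments. The policy names, the file name `ebs-unattached.yml`, and the 14-day grace period are illustrative assumptions; the query assumes the Steampipe AWS plugin's `aws_ebs_volume` table.

```yaml
# Added example: Cloud Custodian policies for unattached EBS volumes.
# Policy names, file name and the 14-day grace period are illustrative.
#
# Steampipe counterpart (read-only; assumes the AWS plugin's aws_ebs_volume table):
#   select volume_id, size, region
#   from aws_ebs_volume
#   where jsonb_array_length(attachments) = 0;
#
# Validate, then preview matches without executing any action:
#   custodian validate ebs-unattached.yml
#   custodian run --dryrun -s out ebs-unattached.yml
policies:
  # 1. Tag unattached volumes for deletion after a grace period.
  - name: ebs-mark-unattached
    resource: aws.ebs
    filters:
      - Attachments: []
      - "tag:maid_status": absent
    actions:
      - type: mark-for-op
        op: delete
        days: 14

  # 2. Clear the mark if a volume was re-attached in the meantime.
  - name: ebs-unmark-reattached
    resource: aws.ebs
    filters:
      - type: value
        key: "Attachments[0].Device"
        value: not-null
      - "tag:maid_status": not-null
    actions:
      - unmark

  # 3. Delete volumes whose mark has come due and that are still unattached.
  - name: ebs-delete-marked
    resource: aws.ebs
    filters:
      - Attachments: []
      - type: marked-for-op
        op: delete
    actions:
      - delete
```

Because the third policy deletes data, the role that runs it needs delete permissions on EBS volumes, while the Steampipe query only needs read access to describe them.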
Integration and Extensibility
Cloud Custodian can be integrated with AWS Lambda, AWS Config, and CloudWatch Events for automatic enforcement and notification. This helps maintain compliance and track resource changes in real time. Additionally, Cloud Custodian supports custom actions and filters through Python, allowing for extensibility based on your unique requirements.
Steampipe can be integrated with other tools through its SQL output, like exporting results to CSV, JSON, or other formats. This makes it easy to share or further analyze the data retrieved from your cloud resources. Extensibility in Steampipe is achieved through plugins, which can be written in Go. This allows you to create custom plugins to support additional services or modify existing ones to suit your needs better.
Community and Support
Cloud Custodian is developed and maintained by Capital One, with a growing community of contributors. The project provides comprehensive documentation and examples, making it easier for users to get started and make the most of the tool. You can also find support and guidance from the community through forums, GitHub issues, and other channels.
Steampipe is developed and maintained by Turbot, with a growing community of contributors. Steampipe offers comprehensive documentation and a wide range of SQL query examples for different use cases, which helps users adopt and master the tool. The Steampipe community is active and supportive, assisting in forums, GitHub issues, and other channels.
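At a glance
Feature / Tool | Cloud Custodian | Steampipe
Primary focus | Policy enforcement & compliance | Resource querying & analysis
Cost savings approach | Automatic based on policies | Identification through SQL queries
Language | YAML (domain-specific) | SQL (Widely known)
Integration | AWS Lambda, AWS Config, and CloudWatch Events | SQL output exported to CSV, JSON, or other formats
Extensibility through custom actions, filters or plugins | Custom actions and filters (Python) | Plugins (Go)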
Cloud Custodian and Steampipe can contribute to AWS cost savings but have different approaches and strengths. Cloud Custodian focuses on policy enforcement and automatic actions, while Steampipe provides a powerful querying interface for cloud resources using SQL. The choice between these tools depends on your team's skills and your specific requirements for optimizing your AWS infrastructure.
Consider both tools' features, purpose, approach, language, extensibility, and community support before deciding. Remember that it is also possible to use both tools in conjunction, taking advantage of the policy enforcement capabilities of Cloud Custodian and the resource querying and analysis capabilities of Steampipe to achieve a comprehensive cost optimization strategy for your AWS infrastructure.