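Show HN: CleanCloud – Read-only cloud security checks for AWS and Azure
2 points • by sureshcsdp • 6 months ago
Hi HN,
I'm a solo founder with an SRE (site reliability engineering) background. I built CleanCloud to solve a problem I kept seeing on teams I worked with: cloud accounts slowly filling up with orphaned, unowned, or inactive resources created by elastic systems and IaC (infrastructure as code), but nobody wants tools that auto-delete things.
CleanCloud is a small, open-source CLI (command-line interface) that:
* Scans AWS and Azure accounts in read-only mode
* Identifies potential "hygiene" issues (unattached EBS volumes, old snapshots, inactive CloudWatch logs, untagged storage, unused Azure public IPs, etc.)
* Uses conservative signals and confidence levels (HIGH / MEDIUM / LOW)
* Never deletes or modifies resources
* Is designed for review-only workflows (SRE-friendly, IaC-aware)
What it **intentionally does not** do:
* No auto-remediation
* No cost optimization / FinOps dashboards
* No agents, no SaaS, no ML (machine learning)
* No recommendations based on a single risky signal
This is early-stage and I'm explicitly looking for feedback from SREs / DevOps folks:
* Are these the **right** problems to focus on?
* Are the signals conservative enough to be trusted?
* What rules would you actually want next?
Repo (MIT licensed): [https://github.com/sureshcsdp/cleancloud](https://github.com/sureshcsdp/cleancloud)
If this looks useful, a helps a lot. Brutally honest feedback welcome.
Many thanks
Suresh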