Show HN: CleanCloud – Read-only cloud security checks for AWS and Azure

2 | Author: sureshcsdp | 6 months ago
Hi HN,

I’m a solo founder and SRE background engineer. I built CleanCloud to solve a problem I kept seeing on teams I worked with: cloud accounts slowly filling up with orphaned, unowned, or inactive resources created by elastic systems and IaC — but nobody wants tools that auto-delete things.

CleanCloud is a small, open-source CLI that:
- Scans AWS and Azure accounts in read-only mode
- Identifies potential “hygiene” issues (unattached EBS volumes, old snapshots, inactive CloudWatch logs, untagged storage, unused Azure public IPs, etc.)
- Uses conservative signals and confidence levels (HIGH / MEDIUM / LOW)
- Never deletes or modifies resources
- Is designed for review-only workflows (SRE-friendly, IaC-aware)

What it intentionally does NOT do:
- No auto-remediation
- No cost optimization / FinOps dashboards
- No agents, no SaaS, no ML
- No recommendations based on a single risky signal

This is early-stage and I’m explicitly looking for feedback from SREs / DevOps folks:
- Are these the *right* problems to focus on?
- Are the signals conservative enough to be trusted?
- What rules would you actually want next?

Repo (MIT licensed): https://github.com/sureshcsdp/cleancloud

If this looks useful, a ⭐ helps a lot. Brutally honest feedback welcome.

Many Thanks
Suresh
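
An added sketch, not CleanCloud's code and not part of the original post, of how "conservative signals", HIGH / MEDIUM / LOW confidence and "no recommendations based on a single risky signal" could combine for unattached EBS volumes. The thresholds, tag keys, helper names and sample records are assumptions constructed for illustration; the record fields follow the shape of the EC2 DescribeVolumes response.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds and tag keys for this sketch; not CleanCloud's actual rules.
OLD_DAYS, STALE_DAYS = 90, 30
OWNER_TAG_KEYS = {"owner", "team"}

def volume_signals(vol, now):
    """Collect independent hygiene signals for one volume record."""
    signals = set()
    if vol["State"] == "available" and not vol.get("Attachments"):
        signals.add("unattached")
    age = now - vol["CreateTime"]
    if age >= timedelta(days=OLD_DAYS):
        signals.add("old")
    elif age >= timedelta(days=STALE_DAYS):
        signals.add("stale")
    if not {t["Key"].lower() for t in vol.get("Tags", [])} & OWNER_TAG_KEYS:
        signals.add("no_owner_tag")
    return signals

def classify(signals):
    """Map signals to HIGH/MEDIUM/LOW; None when the evidence is too thin."""
    if "unattached" not in signals or len(signals) < 2:
        return None  # still in use, or only a single signal: report nothing
    if {"old", "no_owner_tag"} <= signals:
        return "HIGH"
    return "MEDIUM" if "old" in signals else "LOW"

def review_report(volumes, now):
    """Build findings for human review; nothing is modified or deleted."""
    findings = []
    for vol in volumes:
        signals = volume_signals(vol, now)
        confidence = classify(signals)
        if confidence:
            findings.append((vol["VolumeId"], confidence, sorted(signals)))
    return findings

# Constructed sample records (not real resources), shaped like DescribeVolumes output.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
def _vol(vid, state, days, tags=(), attached=False):
    return {"VolumeId": vid, "State": state, "CreateTime": NOW - timedelta(days=days),
            "Tags": [{"Key": k, "Value": "x"} for k in tags],
            "Attachments": [{"InstanceId": "i-constructed"}] if attached else []}
SAMPLE = [_vol("vol-a", "available", 200), _vol("vol-b", "available", 120, ["Owner"]),
          _vol("vol-c", "available", 45), _vol("vol-d", "available", 2, ["team"]),
          _vol("vol-e", "in-use", 400, attached=True)]
```

Calling `review_report(SAMPLE, NOW)` lists only the three volumes that have corroborating signals; the freshly created tagged volume and the attached one produce no finding.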