Automatisation2024

CloudWeave

Plateforme d'orchestration IaC gérant 200+ ressources cloud avec provisioning automatique, drift detection, cost optimization et compliance as code.

Client

Cloud service provider

Stack

TerraformPulumiGoReactAWS/GCP

Fonctionnalités

200+ ressources

Drift detection

Cost optim

Compliance

Infos

CatégorieAutomation

Année2024

Écrans5

Technologies5

Maquettes

5 écrans

ℹ

Les noms de domaine affichés sont purement illustratifs. Par souci de confidentialité, les vrais domaines des projets ne peuvent être divulgués.

01Dashboard

desktop

cloudweave.io/dashboard

Infrastructure Dashboard

STACKS

6 healthy

RESOURCES

142

across 3 providers

MONTHLY COST

$4,280

↑ 3% vs last month

DRIFT DETECTED

resources

LAST DEPLOY

2h ago

production

Stacks

production-vpc

AWS28Synced$1,240/mo2h ago

production-k8s

AWS35Synced$1,890/mo2h ago

production-rds

AWS12Drift$560/mo5h ago

staging-infra

AWS22Synced$320/mo1d ago

monitoring-stack

GCP18Synced$180/mo3h ago

dns-global

Cloudflare15Drift$45/mo6h ago

ci-runners

GCP8Synced$35/mo12h ago

dev-sandbox

AWS4Synced$10/mo2d ago

By Provider

AWS101 • $4,020

GCP26 • $215

Cloudflare15 • $45

Recent Activity

applyproduction-k8s2h ago

planproduction-rds3h ago

applymonitoring-stack3h ago

driftdns-global6h ago

02Stack détail

desktop

cloudweave.io/stacks/production-k8s

Stacks › production-k8s

production-k8s

AWS • eu-west-1 • 35 resources • Last apply 2h ago

LAST PLAN — Run #247

No changes2h ago by CI/CD

cloudweave plan

Refreshing state... [35 resources]

aws_eks_cluster.main: Refreshing...

aws_eks_node_group.workers: Refreshing...

aws_iam_role.eks_role: Refreshing...

aws_security_group.eks_sg: Refreshing...

kubernetes_namespace.apps: Refreshing...

kubernetes_deployment.api: Refreshing...

kubernetes_service.api_lb: Refreshing...

No changes. Infrastructure is up-to-date.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

RESOURCES (35)

aws_eks_cluster.main

aws_eks_node_group.workers

aws_eks_node_group.workers-spot

aws_iam_role.eks_role

aws_iam_role.node_role

aws_security_group.eks_sg

aws_security_group.node_sg

kubernetes_namespace.apps

kubernetes_namespace.monitoring

kubernetes_deployment.api

kubernetes_deployment.worker

kubernetes_service.api_lb

helm_release.nginx-ingress

helm_release.cert-manager

helm_release.prometheus

+ 20 more resources

CONFIGURATION

ProviderAWS

Regioneu-west-1

BackendS3 + DynamoDB

EngineTerraform 1.7.2

VCSgithub.com/techcorp/infra

Branchmain

Cost$1,890/mo

RUN HISTORY

#247plan

No changes

#246apply

1 changed

#245apply

3 added

#244plan

3 to add

#243apply

2 changed

03Resources

desktop

cloudweave.io/resources

Resources (142)

Provider ▾Type ▾

Compute (28)Network (24)Storage (18)Database (12)IAM (22)Kubernetes (25)DNS (8)Monitoring (5)

●RESOURCETYPESTACKPROVIDERREGIONCOSTSTATUSMODIFIED

eks-mainaws_eks_clusterprod-k8sAWSeu-west-1$420/mook2h ago

workersaws_eks_node_groupprod-k8sAWSeu-west-1$890/mook2h ago

main-dbaws_rds_instanceprod-rdsAWSeu-west-1$340/modrift5h ago

replica-dbaws_rds_instanceprod-rdsAWSeu-west-1$220/mook1d ago

vpc-mainaws_vpcprod-vpcAWSeu-west-1$0/mook3d ago

pub-subnet-1aaws_subnetprod-vpcAWSeu-west-1$0/mook3d ago

api-lbaws_lbprod-vpcAWSeu-west-1$180/mook1d ago

techcorp.comcloudflare_zonedns-globalCFGlobal$20/modrift6h ago

prom-stackhelm_releasemonitoringK8seu-west-1$45/mook3h ago

app-bucketaws_s3_bucketprod-vpcAWSeu-west-1$12/mook1w ago

04Modules

desktop

cloudweave.io/modules

Modules Registry

AllComputeNetworkDatabaseSecurityKubernetes

AWS

✓ verifiedv2.4.1

vpc-network

Complete VPC with public/private subnets, NAT, and VPN

1.2K downloadsUsed in 3 stacks

AWS

✓ verifiedv3.1.0

eks-cluster

Production-ready EKS cluster with managed node groups and autoscaling

890 downloadsUsed in 2 stacks

AWS

✓ verifiedv1.8.3

rds-postgres

RDS PostgreSQL with Multi-AZ, automated backups, and monitoring

650 downloadsUsed in 2 stacks

AWS

✓ verifiedv2.0.0

s3-bucket

S3 bucket with encryption, versioning, lifecycle, and replication

2.1K downloadsUsed in 4 stacks

AWS

✓ verifiedv1.5.2

iam-roles

IAM roles and policies following least privilege principle

1.8K downloadsUsed in 6 stacks

v1.2.0

cloudflare-dns

Cloudflare DNS zone with records, page rules, and WAF

420 downloadsUsed in 1 stacks

GCP

✓ verifiedv2.0.1

gke-cluster

GKE Autopilot cluster with Workload Identity

340 downloadsUsed in 1 stacks

K8s

v1.3.0

monitoring-stack

Prometheus + Grafana + AlertManager on Kubernetes

580 downloadsUsed in 1 stacks

K8s

✓ verifiedv1.1.0

cert-manager

cert-manager with Let's Encrypt and DNS01 challenge

720 downloadsUsed in 2 stacks

eks-cluster

v3.1.0 • AWS • Published 2 weeks ago

# Usage

module "eks" {

source = "cloudweave/eks-cluster/aws"

version = "3.1.0"

cluster_name = "production"

cluster_version = "1.28"

vpc_id = module.vpc.vpc_id

subnet_ids = module.vpc.private_subnet_ids

node_groups = {

workers = {

instance_types = ["m6i.xlarge"]

min_size = 3

max_size = 10

desired_size = 5

}

05Policies

desktop

cloudweave.io/policies

Policy as Code

TOTAL POLICIES

PASSING

87.5%

FAILING

action required

ADVISORY

non-blocking

Security

4/5 passing

✓

no-public-s3-bucketsHIGH

S3 buckets must not have public access

All

✓

encryption-at-restHIGH

All storage resources must have encryption enabled

All

✓

no-default-vpcMED

Resources must not use the default VPC

All

✗

mfa-iam-usersCRIT

IAM users must have MFA enabled

prod-vpc

✓

no-wildcard-iamHIGH

IAM policies must not use wildcard (*) actions

All

Cost

2/3 passing

✓

max-instance-sizeMED

EC2 instances must not exceed m6i.2xlarge

All

✗

required-tagsMED

All resources must have team, env, and cost-center tags

dns-global

✓

no-unused-eipLOW

Elastic IPs must be associated with a resource

All

Reliability

2/3 passing

✓

multi-az-databasesHIGH

RDS instances must be Multi-AZ in production

prod-rds

✓

backup-enabledHIGH

All databases must have automated backups

All

⚠

min-node-countMED

EKS node groups must have min 3 nodes

prod-k8s

✗mfa-iam-usersFAILING

# policy: mfa-iam-users

rule mfa_required {

resource "aws_iam_user" {

condition = has_mfa_device == true

severity = "critical"

message = "IAM user must have MFA enabled"

}

Violation: aws_iam_user.deploy_bot in stack prod-vpc

User "deploy_bot" does not have MFA configured. This is required for all IAM users per security policy.

Projet suivantTestPilot

ATCHAHOUE

DESTIN

CloudWeave

Client

Stack

Fonctionnalités

Infos

Infrastructure Dashboard

production-k8s

Resources (142)

Modules Registry

Policy as Code