Skip to main content

What You’ll Set Up

CloudKeepers are autonomous pilots that continuously scan your cloud environment for issues — without you having to ask. By the end of this tutorial, you’ll have cost and security monitoring running on a schedule, with alerts delivered to your preferred channels.
1

Navigate to CloudKeepers

Go to Infrastructure > CloudKeepers in your workspace.You’ll see two pilot types:
  • CostOps: Monitors spending anomalies, idle resources, and optimization opportunities
  • SecurityOps: Scans for misconfigurations, risky defaults, compliance drift, and vulnerabilities
2

Enable CostOps Pilot

Click on CostOps and configure:
  1. Schedule: Set how often the pilot runs (e.g., daily, every 12 hours)
  2. Scope: Select which cloud accounts and regions to monitor
  3. Thresholds: Define what constitutes an alert-worthy finding (e.g., resources with cost > $50/month idle for 7+ days)
Toggle the pilot On to activate it.
3

Enable SecurityOps Pilot

Click on SecurityOps and configure:
  1. Schedule: Set the scan frequency
  2. Scope: Select accounts and regions
  3. Severity threshold: Minimum severity level to report (Critical, High, Medium, Low)
SecurityOps scans for:
  • Public access on database ports
  • Unencrypted storage volumes
  • Overly permissive IAM policies
  • Missing logging and monitoring
  • Outdated software versions
Toggle the pilot On to activate it.
4

Configure Alert Channels

Set up where findings get delivered:
  • In-App: Findings appear in the CloudKeepers dashboard (always on)
  • Email: Send alerts to team members
  • Slack: Route alerts to specific channels (e.g., #cloud-ops, #security-alerts)
You can set different channels per severity level — for example, Critical findings go to Slack immediately while Low findings only appear in-app.
5

Review Findings

After the first scan completes, go to the CloudKeepers dashboard to review findings.Each finding shows:
  • Description: What was detected
  • Severity: Critical, High, Medium, Low
  • Resource: The affected resource with direct link
  • Recommendation: What to do about it
For each finding, you can:
  • Save: Keep it for tracking and remediation
  • Ignore: Dismiss it (e.g., known exception)
  • Delete: Remove the finding entirely
6

Take Action on Findings

For findings you want to act on:
  1. Click on the finding to see the full details
  2. Review the remediation playbook with impact analysis
  3. Use Custom Prompt to ask agents for more context
  4. Click Implement to apply the fix with agent assistance
CloudKeepers scan across all permitted cloud resources — not just the ones you’ve manually discovered. This means they catch issues in resources you might not even know exist.

CostOps vs SecurityOps

AspectCostOpsSecurityOps
FocusSpending, waste, optimizationCompliance, vulnerabilities, risks
Typical findingsIdle instances, unattached volumes, over-provisioned resourcesOpen ports, missing encryption, excessive permissions
Alert urgencyCost savings opportunitiesSecurity risk mitigation
Best scheduleDaily or weeklyEvery 12 hours or daily

Tips

  • Start with daily scans: You can always increase frequency once you’ve tuned the thresholds
  • Route Critical findings to Slack: Real-time notification for high-severity issues ensures fast response
  • Review and tune weekly: Ignore false positives to improve signal-to-noise ratio over time
  • Combine with Assessment: CloudKeepers catch drift continuously; Assessment provides deep-dive analysis on demand

Next Step

Assessment

Run Well-Architected assessments on your cloud resources