> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudthinker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# CloudKeepers

> Enable autonomous pilots that continuously monitor your cloud for cost anomalies, security vulnerabilities, and compliance drift — 24/7.

## What You'll Set Up

CloudKeepers are autonomous pilots that continuously scan your cloud environment for issues — without you having to ask. By the end of this tutorial, you'll have cost and security monitoring running on a schedule, with alerts delivered to your preferred channels.

<Steps>
  <Step title="Navigate to CloudKeepers">
    Go to **Infrastructure** > **CloudKeepers** in your workspace.

    You'll see two pilot types:

    * **[CostOps](/guide/infrastructure/cloudkeepers)**: Monitors spending anomalies, idle resources, and optimization opportunities
    * **[SecurityOps](/guide/infrastructure/cloudkeepers)**: Scans for misconfigurations, risky defaults, compliance drift, and vulnerabilities
  </Step>

  <Step title="Enable CostOps Pilot">
    Click on **CostOps** and configure:

    1. **Schedule**: Set how often the pilot runs (e.g., daily, every 12 hours)
    2. **Scope**: Select which cloud accounts and regions to monitor
    3. **Thresholds**: Define what constitutes an alert-worthy finding (e.g., resources with cost > \$50/month idle for 7+ days)

    Toggle the pilot **On** to activate it.
  </Step>

  <Step title="Enable SecurityOps Pilot">
    Click on **SecurityOps** and configure:

    1. **Schedule**: Set the scan frequency
    2. **Scope**: Select accounts and regions
    3. **Severity threshold**: Minimum severity level to report (Critical, High, Medium, Low)

    SecurityOps scans for:

    * Public access on database ports
    * Unencrypted storage volumes
    * Overly permissive IAM policies
    * Missing logging and monitoring
    * Outdated software versions

    Toggle the pilot **On** to activate it.
  </Step>

  <Step title="Configure Alert Channels">
    Set up where findings get delivered:

    * **In-App**: Findings appear in the CloudKeepers dashboard (always on)
    * **Email**: Send alerts to team members
    * **Slack**: Route alerts to specific channels (e.g., `#cloud-ops`, `#security-alerts`)

    You can set different channels per severity level — for example, Critical findings go to Slack immediately while Low findings only appear in-app.
  </Step>

  <Step title="Review Findings">
    After the first scan completes, go to the **CloudKeepers** dashboard to review findings.

    Each finding shows:

    * **Description**: What was detected
    * **Severity**: Critical, High, Medium, Low
    * **Resource**: The affected resource with direct link
    * **Recommendation**: What to do about it

    For each finding, you can:

    * **Save**: Keep it for tracking and remediation
    * **Ignore**: Dismiss it (e.g., known exception)
    * **Delete**: Remove the finding entirely
  </Step>

  <Step title="Take Action on Findings">
    For findings you want to act on:

    1. Click on the finding to see the full details
    2. Review the **remediation playbook** with impact analysis
    3. Use **Custom Prompt** to ask agents for more context
    4. Click **Implement** to apply the fix with agent assistance

    <Note>
      CloudKeepers scan across all permitted cloud resources — not just the ones you've manually discovered. This means they catch issues in resources you might not even know exist.
    </Note>
  </Step>
</Steps>

***

## CostOps vs SecurityOps

| Aspect               | CostOps                                                        | SecurityOps                                           |
| -------------------- | -------------------------------------------------------------- | ----------------------------------------------------- |
| **Focus**            | Spending, waste, optimization                                  | Compliance, vulnerabilities, risks                    |
| **Typical findings** | Idle instances, unattached volumes, over-provisioned resources | Open ports, missing encryption, excessive permissions |
| **Alert urgency**    | Cost savings opportunities                                     | Security risk mitigation                              |
| **Best schedule**    | Daily or weekly                                                | Every 12 hours or daily                               |

***

## Tips

* **Start with daily scans**: You can always increase frequency once you've tuned the thresholds
* **Route Critical findings to Slack**: Real-time notification for high-severity issues ensures fast response
* **Review and tune weekly**: Ignore false positives to improve signal-to-noise ratio over time
* **Combine with [Assessment](/guide/infrastructure/assessment)**: CloudKeepers catch drift continuously; Assessment provides deep-dive analysis on demand

***

## Next Step

<Card title="Assessment" icon="magnifying-glass" href="/guide/tutorial/assessment">
  Run Well-Architected assessments on your cloud resources
</Card>