CloudKeepers onboarding page
Select keepers and review detection rules
Keeper dashboard with savings and severity breakdown
Findings Kanban board for triage
Detection run history
Schedule and detection rule configuration
Cost optimization recommendations with savings analysis
**Workflow:** 1. **Schedule runs**: CostOps scan runs every Wednesday at 10:00 UTC 2. **Review findings**: Your FinOps team reviews the dashboard each Thursday morning, seeing \$14,200/month in identified savings 3. **Assess impact**: For the EC2 right-sizing recommendation, generate impact guidelines and share with engineering to validate performance assumptions 4. **Save to Plan**: Move high-confidence items (orphaned volumes, NAT consolidation) to [Plan](/guide/infrastructure/plan) for approval and scheduling 5. **Execute and track**: Plan workflows handle approvals, scheduling, and execution with full audit trails **Time savings:** From 6-8 hours monthly on spreadsheets and console navigation → 30 minutes weekly to review findings and make governance decisions *** ## **Use Case 2: Continuous Security Posture Monitoring with SecurityOps** **Scenario:** Your organization maintains 12 AWS accounts across dev, staging, and production. Security compliance requires monthly audits, but inconsistent findings (different engineers miss different issues) and no standardized remediation creates gaps. A recent audit found IAM policies that hadn't been reviewed in 8 months. **SecurityOps pilot discovers:** * **IAM configuration drift**: 23 IAM users/roles with overly-broad permissions (Developer policy attached when ReadOnlyAccess would suffice) * **Exposed resources**: 2 S3 buckets with public read access (not intentional); 1 RDS database with public accessibility enabled * **Encryption gaps**: 15 EBS volumes without encryption; 3 S3 buckets lacking default encryption * **Access anomalies**: Root account used for day-to-day operations; detected unused service accounts not cleaned up * **Network exposure**: 4 security groups allowing 0.0.0.0/0 SSH access (high-risk for compute; acceptable for ALBs) **CloudKeepers advantage:** SecurityOps agents understand operational context. They know HTTP/HTTPS from 0.0.0.0/0 is standard for load balancers but dangerous for databases. They prioritize actual exploitability: a root account access key is critical; a read-only service account is low-risk.
Security audit recommendations with remediation steps
**Workflow:** 1. **Schedule runs**: SecurityOps scan runs every Friday at 14:00 UTC (before your Monday compliance standup) 2. **Alert on critical findings**: Your security team receives Slack notifications immediately for high-severity items (exposed database, root account in use) 3. **Review full report**: Monday morning, your security team reviews the findings dashboard—23 medium-risk IAM findings, 2 critical exposure risks 4. **Generate playbooks**: For the S3 bucket fix, generate implementation guidelines with AWS CLI commands; distribute to the owning team 5. **Save to Plan**: Move findings requiring multi-team coordination (e.g., "remove root account access key") to Plan for assignment, approval, and tracking 6. **Close findings**: After remediation, mark findings as resolved or ignored to tune alert tuning **Time savings:** From 4-6 hours weekly on manual IAM reviews, S3 audits, and cross-account checks → 20 minutes to triage alerts and assign remediation tasks *** ## **Integration with Plan for Governance** CloudKeepers findings begin as **drafts** in your infrastructure view. When you're ready to act, you save them to [Plan](/guide/infrastructure/plan), where they become work items with: * **Full audit trails**: Every finding, its status, and remediation steps are documented automatically * **Approvals and assignment**: Route findings to the right teams (security, FinOps, platform engineering) for review and sign-off * **Execution tracking**: Plan tracks status (pending, approved, in progress, completed) with timestamps and ownership * **Compliance evidence**: For audits, Plan provides timestamped records of when issues were identified and how they were resolved This transforms CloudKeepers from an alerting system into a **complete governance platform** where findings are tracked through remediation with full accountability. *** ## **Why CloudKeepers Beat Manual Processes** | Dimension | Manual Audits | CloudKeepers | | ------------------------- | ----------------------------------- | --------------------------------------- | | **Execution frequency** | Monthly (if lucky) | Daily/weekly—continuous guardrails | | **Time investment** | 4-8 hours per session | 2-5 min setup; 15-30 min weekly review | | **Consistency** | Varies by engineer | Identical analysis every run | | **Context understanding** | Relies on engineer judgment | Domain expertise baked into agents | | **Scaling with accounts** | Linear growth (4-6 hrs per account) | Constant time regardless of scale | | **False positives** | High (scripts miss context) | 95% reduction via intelligent filtering | | **Issue detection time** | Weeks to discovery | Hours to detection | | **Knowledge transfer** | Lost when experts leave | Persistent in agent behavior | | **Audit evidence** | Manual documentation | Automatic comprehensive logs | *** ## **Getting Started** 1. **Open CloudKeepers** in your workspace 2. **Configure pilots**: Enable CostOps and SecurityOps with your preferred schedules 3. **Set notifications**: Choose channels and severity thresholds 4. **Run your first scan**: Manually trigger a scan to see findings immediately 5. **Review and save**: Save high-impact findings to Plan for team review and remediation tracking
CloudKeeper scheduler setup interface
Your cloud infrastructure can now maintain continuous guardrails autonomously, freeing your team to focus on strategic initiatives instead of operational toil. *** ## What's Next