diff --git a/docs/cloud-cost-management/3-use-ccm-cost-reporting/6-use-ccm-dashboards/overview.md b/docs/cloud-cost-management/3-use-ccm-cost-reporting/6-use-ccm-dashboards/overview.md
new file mode 100644
index 00000000000..877e4cc9a39
--- /dev/null
+++ b/docs/cloud-cost-management/3-use-ccm-cost-reporting/6-use-ccm-dashboards/overview.md
@@ -0,0 +1,68 @@
+---
+title: BI Dashboards
+description: Learn how to get started with CCM with your chosen cloud provider.
+sidebar_position: 20
+sidebar_label: Overview
+---
+
+import DynamicMarkdownSelector from '@site/src/components/DynamicMarkdownSelector/DynamicMarkdownSelector';
+
+BI Dashboards are a collection of charts and data tables with filters that you can use to get at the data you are interested. BI Dashboards serve as a platform for data modeling and analytics using a combination of available business metrics and operational data. You can use this data to make data-driven, informed business decisions.
+
+Harness provides pre-loaded **[By Harness](/docs/cloud-cost-management/use-ccm-cost-reporting/use-ccm-dashboards/overview#bi-dashboards-by-harness)** (pre-defined) and **[Custom](/docs/platform/dashboards/create-dashboards)** (user-defined) dashboards to visualize cloud cost data across clusters and cloud accounts.
+
+
+## Before You Begin
+
+* Ensure that you have **Dashboard-All View** permissions assigned. See [Manage Access Control for CCM Dashboards](/docs/cloud-cost-management/access-control/manage-access-control-for-ccm-dashboards.md).
+* Ensure that you have set up [Cloud Cost Management (CCM) for your cloud provider](../../get-started/onboarding-guide/set-up-cost-visibility-for-aws.md).
+
+After setting up cost visibility for the cloud provider and the data is available in the Perspective, you can view the dashboard. The data in the Dashboard is updated dynamically.
+
+## Creating Custom Dashboards
+
+Harness BI Dashboards are available across all Harness modules as a platform-wide capability. This guide descibes Dashboard available by Harness for Cloud Costs.
To create and customize your own dashboards, refer to the following comprehensive resources:
+
+* [Create Dashboards](/docs/platform/dashboards/create-dashboards)
+* [Create Visualizations and Graphs](/docs/platform/dashboards/create-visualizations-and-graphs)
+* [Use Dashboard Actions](/docs/platform/dashboards/use-dashboard-actions)
+* [Download Dashboard Data](/docs/platform/dashboards/download-dashboard-data)
+* [Create Conditional Alerts](/docs/platform/dashboards/create-conditional-alerts)
+* [Schedule and Share Dashboards](/docs/platform/dashboards/share-dashboards)
+
+## Access the CCM dashboards
+
+To access the dashboards from the CCM module, perform the following steps:
+
+1. In the **Harness** application, click **Cloud Costs** > **BI Dashboards** or select **Dashboards** directly.
+2. Click on **By Harness** to view the pre-defined dashboards available. The dashboards with "Cloud Costs" tags are pre-defined CCM dashboards.
+
+
+## BI Dashboards by Harness
+
+
+
diff --git a/docs/cloud-cost-management/4-use-ccm-cost-optimization/1-ccm-recommendations/1-home-recommendations.md b/docs/cloud-cost-management/4-use-ccm-cost-optimization/1-ccm-recommendations/1-home-recommendations.md
index ba9d1402b58..d60688830f1 100644
--- a/docs/cloud-cost-management/4-use-ccm-cost-optimization/1-ccm-recommendations/1-home-recommendations.md
+++ b/docs/cloud-cost-management/4-use-ccm-cost-optimization/1-ccm-recommendations/1-home-recommendations.md
@@ -14,8 +14,95 @@ redirect_from: import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; +:::note +After you enable CCM, it may take up to 48 hours for the recommendations to appear in Cloud Costs. It depends on the time at which CCM receives the utilization data for the service. In **Cloud Costs**, go to the **Recommendations** page. +::: + + + +Harness CCM currently supports these types of OOTB recommendations: +- Azure VM +- AWS EC2 instances +- AWS ECS services +- Nodepool +- Workload +- Governance + +:::tip [Latest Features Released in 1.47.0](/release-notes/cloud-cost-management#april-2025---version-1470) + + Users can now specify estimated savings when marking a recommendation as applied. Upon marking a recommendation as applied, users can now confirm whether the estimated savings matched the actual savings or enter the actual amount saved if different from the estimate. Additionally, after a recommendation has been applied, this savings data from the Applied Recommendations section can be edited. + The Filter panel in the Recommendations view now includes the option to **filter by Cost Categories**. This update is especially valuable for large-scale organizations that manage thousands of recommendations and require structured views to take meaningful action. + The Filter panel in the Recommendations view has been updated to provide a more streamlined experience. + +::: + +## View Recommendations + +To view recommendations, click on the **Recommendations** tab in the navigation bar, which will take you to the homepage. On the Recommendations page, there are two tabs: Open Recommendations and Applied Recommendations. The Open Recommendations tab displays all available recommendations that have yet to be applied, while the Applied Recommendations tab shows the recommendations that have already been implemented. 
+ + +### Open Recommendations + + ![](./static/recommendations-open.png) + +On the Open Recommendations Page, you can view: +- Export CSV: Option to export all recommendations with every data associated with it +- Potential Monthly Savings that can be achieved with the recommendation +- Potential Monthly Spend without applying recommendations. +- Recommendation action for each resource. The Rec +- Option to create Jira Ticket +- Option to configure preferences and presets for recommendations through Settings +- Option to manage the recommendations added to Ignore List +- Different Options to filter Recommendations like: + - Recommendation Type + - Cloud Provider + - More filters like : + ![](./static/recommendations-filter-new.png) + + +### Applied Recommendations + + ![](./static/recommendations-applied.png) + +When you click on an individual recommendation, you’ll be able to view a detailed breakdown of the recommendation, including relevant insights, suggested actions, and any supporting information. + +### Azure VM Recommendations +A highly effective way to reduce Azure VM costs is by optimizing VM utilization. 
By clicking on the Azure VM recommendation, you can view detailed information, as shown below: + + ![](./static/azure-vm-recommendation-drilldown.png) + +### AWS EC2 Recommendations + +![](./static/aws-ec-recommendation-drilldown.png) + +### AWS ECS Recommendations +![](./static/aws-ecs-recommendation-drilldown-one.png) + +### Nodepool Recommendations +![](./static/nodepool-recommendation-drilldown.png) + +### Workload Recommendations +![](./static/workload-recommendation-drilldown.png) + +### Governance Recommendations + +Please see the links below for details about Governance Recommendations: +- [Azure](https://developer.harness.io/docs/category/governance-for-azure) +- [GCP](https://developer.harness.io/docs/category/governance-for-gcp) +- [AWS](https://developer.harness.io/docs/category/governance-for-aws) + +## Recommendation Settings + +:::note +New Recommendation Preferences may take up to 24 hours to fully update across the platform. However, changes will be reflected immediately on the drill-down page, while the Overview page may take additional time to reflect updates. + :::info After you enable CCM, it may take up to 48 hours for the recommendations to appear in Cloud Costs. It depends on the time at which CCM receives the utilization data for the service. + ::: ## What are Recommendations? diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/1-asset-governance.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/1-asset-governance.md new file mode 100644 index 00000000000..f1dcf90c508 --- /dev/null +++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/1-asset-governance.md 
@@ -0,0 +1,453 @@
+---
+title: Get Started
+description: This topic talks about Harness cloud asset governance.
+# sidebar_position: 2
+---
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+### What is Cloud Asset Governance ?
+Cloud Asset Governance is a governance-as-code solution that helps organizations automatically manage their cloud resources according to cost, security, and compliance standards. Instead of relying on manual checks or approvals, it uses rules written as code to enforce policies across your cloud infrastructure.
+
+
+ +
+

What is Governance?

+

Governance means establishing rules and policies that control how your cloud resources are used. It ensures your cloud environment stays:

+
    +
  • Secure against threats
  • +
  • Cost-effective for your business
  • +
  • Compliant with industry regulations
  • +
+
+ +
+

What is Governance-as-Code?

+

Governance-as-code (GAC) treats governance policies as code instead of manual processes.

+

With GAC, you:

+
    +
  • Write policies in languages like YAML
  • +
  • Apply them automatically across your infrastructure
  • +
  • Enforce policies consistently at scale
  • +
+
+ +
+

What is Cloud Asset Governance?

+

Cloud Asset Governance is a governance-as-code solution that helps you:

+
    +
  • Automatically manage cloud resources
  • +
  • Enforce cost, security, and compliance standards
  • +
  • Replace manual checks with code-based policies
  • +
  • Apply consistent rules across your cloud infrastructure
  • +
+
+ +
+ +
+

Cloud Custodian Integration

+Cloud Asset Governance is built on top of the popular open source software [Cloud Custodian](https://cloudcustodian.io) and covers all the cloud resources for [AWS](https://cloudcustodian.io/docs/aws/resources/index.html), [GCP](https://cloudcustodian.io/docs/gcp/resources/index.html) and [Azure](https://cloudcustodian.io/docs/azure/resources/index.html). The cloud-custodian versions utilised currently are as following: +- c7n==0.9.44 +- c7n_azure==0.7.43 +- c7n_gcp==0.4.43 +
+ +
+ Cloud Custodian vs Harness + +Cloud custodian is a widely used open-source cloud management tool backed by CNCF which helps organizations enforce policies and automate actions to enable them achieve a well maintained cloud environment. It operates on the principles of declarative YAML based policies. With support for multiple cloud providers, including AWS, Azure, and Google Cloud, Cloud Custodian enables users to maintain consistent policies and governance practices across diverse cloud environments, making it particularly appealing for organizations embracing a multi-cloud strategy. + +Cloud Custodian comes with all the goodness of battle testing by the community & detects and auto remediates issues - it does come with its own set of challenges. Let’s dive into what are the key challenges that organizations run into when leveraging Cloud Custodian at scale to manage their assets. + +**Harness vs Cloud Custodian** + +Cloud Custodian, while a widely used open-source cloud management tool, presents several challenges, including lack of a graphical interface, scalability issues, limited reporting and security features, complex policy creation requiring YAML syntax knowledge, and operational overhead. + +In contrast, Harness Cloud Asset Governance retains the strengths of Cloud Custodian while addressing its shortcomings. Harness provides preconfigured governance-as-code rules for easy implementation and customization, powered by FinOps Agent. It offers a fully managed and scalable rule execution engine, reducing operational complexities for organizations. + +The platform also includes a user-friendly visual interface, Role-Based Access Control, and detailed Audit trails for centralized visibility and precise access management. Additionally, Harness incorporates Out-of-the-Box Recommendations to identify cost-saving opportunities and improve compliance and security. 
By choosing Harness Cloud Asset Governance, organizations can optimize their cloud governance, enhance customization and usability, and overcome the challenges associated with self-hosting Cloud Custodian. + +Harness Cloud Asset Governance streamlines cloud management processes, improves governance efficiency, and enables organizations to achieve a well-managed cloud environment effectively. More details about the comparison can be found here. + +
+ +---------- + +## Get Started + +- **[Configure CCM Connector](/docs/cloud-cost-management/get-started/#aws)** + - Navigate to **Setup** > **Cloud Providers** > **Add a Connector** + - Select your cloud provider (AWS, Azure, or GCP) + - During [connector setup](/docs/cloud-cost-management/get-started/#aws), ensure you select **"Cloud Governance"** under **"Choose Requirements"**. + + + +- **Verify Required Permissions** + - Ensure your connector has [all required permissions for each cloud provider](/docs/cloud-cost-management/feature-permissions): + - For AWS: Verify IAM roles include necessary read permissions for resource discovery + - For Azure: Confirm service principal has appropriate Reader roles + - For GCP: Check service account permissions for resource monitoring + + +After connector configuration, CCM takes up to 24 hours to collect data and identify resources. + +------ + +### Key Concepts + +Cloud Asset Governance operates through four essential concepts working together: **Rules, Rule Sets, Enforcements, Evaluations**. + + + + +## Rules + +**Rules** are set of instructions you write in form of **code** to manage your cloud resources **automatically**. A **Rule** is essentially a file with a set of logic that you can run on your cloud infrastructure. + +**Example:** Suppose you want all your EBS volumes to use the newer, cheaper **gp3** type instead of gp2. +- **Without rules**: you'd have to manually check every volume and upgrade it. +- **With a rule**: the system **finds all gp2 volumes** and **migrates them to gp3** for you. + +**What makes up a Rule:** Ideally, rules contain **policies** which include **resource**, **filters**, and **actions**. A rule is written in **YAML format**. Rules can include **multiple policies**. + + + +- A **policy** is the overall instruction and consists of filters and actions that are applied to a specific type of cloud resource. 
+ +- A **resource** is the type of cloud resource or service on which the rule will be run with the actions and filters, such as Azure VMs, AKS, Cosmos DB, etc. + +- A **filter**, as the name suggests, is a criteria used to narrow down the results based on the attributes. These attributes can include anything such as tags, metadata, or any other resource property provided by you. When the filter is applied, only those resources that match the criteria specified in the filter are given as a result. + +- **Actions** are operations performed on the filtered resources. Actions include things like terminating an azure vm, deleting an azure storage-container, or sending an email notification. + + + + +So essentially, **a Rule is a file that includes logic defined by a policy that performs certain actions on the resource based on the filters provided by the user**. + + + +:::info +We now have Terraform support for managing Governance Rules. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule) for more details. +::: + + +#### Create a new Rule + +- In **Harness**, go to **Cloud Costs** > **Asset Governance** > **Rules**. Select **+ New Rule**. + + + +- Enter a name for the rule, select the cloud provider. Also, enter Savings prediction in percentage (optional). This custom percentage will be honored during savings computation. Savings prediction is used to calculate the savings that can be achieved by enforcing the rule. +- Optionally, enter a description of the rule. Select **Apply**. +- Enter the YAML policy in the rule editor. Select **Save**. If the policy is invalid, an error message is displayed. +- Select the **Account/Project/Subscription** and the **Region** from the dropdown list in the Test Terminal. Select **Dry Run** to view the instances or services that will be acted upon when you enforce the rule. +- After evaluating the output, select **Run Once** to execute the rule. 
+ + + + +#### Update/Delete a Rule + +- You can view the Rules on the Asset Governance Rules page. You can click on Edit button from the vertical ellipsis menu (⋮) to edit a Rule or simply click on the Rule to open Rule editor and then make changes. + +- To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). + + + +#### Testing Terminal + +In the rule editor, a test terminal is present for users to see the output in the terminal itself upon evaluating a Rule. This is done to ensure that users can run the rules and try accordingly to check how the output would look on the selected subscription and region. There are two options: first, to select the target subscription and second, to select the regions. After providing the relevant inputs, the users can select either to dry run the rule first, run it once or enforce the rule. + + + +After this, the resources identified are shown on the output terminal in JSON format. With this output, users can perform different actions like searching, downloading, filtering, sorting and picking. + + + +#### Searching in Output Terminal +After the output is rendered, users can search for any keywords in the output terminal. This streamlines troubleshooting and debugging processes and helps to efficiently locate required information amidst large volumes of output data. + +#### Zip Downloads +The JSON output can be downloaded in either JSON format or a CSV format(original or flatted) into a single zip archive. + +#### JSON Filtering +The output can be filtered based on the keys present in the JSON output. Currently, filtering on the basis of `==`, `!=`, `<`, `<=`, `>`, `>=` is supported in terms of numeric key values and if the key's value is a string, string matching using `LIKE` is supported. This feature enables users to extract specific fields, filter out irrelevant data, and perform relevant queries on JSON datasets. 
+ +#### Sorting +The output can be sorted based on the keys present in the JSON output in either an `ASCENDING` or `DESCENDING` manner. + +#### Pick +If output needs to be streamlined and only a few keys-value pairs are required, 'Pick' functionality can be used. Using this, users can pick only the required keys and see the data associated with them in the output. + +:::info +If multiple Regions and/or multiple Subscriptions are selected, the Output Terminal will render the links to the Evaluations page for all the individual evaluations per Subscription-Region pair. From that page, upon clicking on individual evaluations, detailed output and logs can be seen. +::: + + + + + + + + +## Rule Sets + +As mentioned previously, a Rule can have multiple policies. However, when there are multiple rules with multiple policies, it can become hard to manage them all together. This is where **Rule Sets** can be used. Rule sets serve as logical bindings on top of individual rules that help you organize and manage rules. By organizing rules into sets, organizations improve accessibility and simplify maintenance, as enforcements can be made against the entire rule set rather than individual rules. + + + + +#### Create a new Rule Set + +To create a Rule Set, perform the following steps: + +- In **Harness**, go to **Cloud Costs** > **Asset Governance** > **Rules** > **Create a new Rule Set** +- Enter a name for the rule set. Optionally, enter a description of the rule set. +- Select the cloud provider and click on Next. +- Select the rules that you want to add to the rule set. Select **Create Rule Set**. + +The rule set is created successfully. + + + + + + +- You can view the rule set on the **Asset Governance Rules** page. Expand the rule set to view the individual rules in the rule set. +- Select **Enforce Rule Set** in the Enforcements column to enforce this rule set. + +#### Update/Delete Rule Set + +- You can view the Rule Set on the Asset Governance Rules page. 
Expand the rule set to view the individual rules in the rule set. You can click on Edit button from the vertical ellipsis menu (⋮) to edit the rule set. + +- To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). + + + + :::info +We now have Terraform support for managing Governance RuleSets. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_set) for more details. +::: + + + +## Enforcements + +:::info +- Each enforcement can now have up to **10,000 evaluations**. The cap is calculated as `Rules × Accounts × Regions` and replaces the earlier individual limits on rules, rule sets, accounts, or regions. + +- We now have Terraform support for managing Governance Enforcements. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_enforcement) for more details. +::: + +**Enforcements** enable you to enforce a certain set of **Rules** or **Rule Sets** (also known as governance guardrails) against a specific set of **targets** (accounts, projects, or subscriptions) to run **periodically**. Sometimes, we need rules to run periodically, such as every day, week, or month. However, running these rules manually every day or week at a specified time creates extra overhead and is a slow process prone to manual errors. + +>> To solve this, **Enforcements** allow users to set up a timely **schedule** and choose the **day**, **time**, and **frequency** for their rules or rule sets. + +For example: +A user can create an **Enforcement** to schedule the deletion of all unattached disks. This Enforcement will run on the **days specified by the user**, at the **specified time**, and with the **specified frequency (hourly, daily, monthly)**. For instance, you could set it to run **daily** at 2:00 AM to ensure that any unattached disks meeting the criteria are removed. 
Alternatively, you might choose to run it **hourly** during peak usage times, or **monthly** for less critical cleanup tasks. + + + + +#### FinOps Agent Suggested Enforcements + + + +Harness CCM's intelligent **FinOps Agent** analyzes your cloud environment to automatically identify cost-saving opportunities and suggest appropriate governance enforcements. Each suggested enforcement is created as a **draft** that you can review before implementation. + +To implement a suggested enforcement, simply review and accept it. The system will then automatically create and schedule the enforcement to run against the specified accounts. All evaluations from these accepted suggestions appear on the Evaluations page alongside your manually created enforcements, providing a unified view of all governance activities. + + + +#### Create a new Enforcement +To create an Enforcement, perform the following steps: +In your **Harness** application, go to **Cloud Costs** > **Asset Governance** > **Enforcements** > **+ New Enforcement** + + + +- Enter a name for the Enforcement. Optionally, enter a description of the Enforcement. Select the cloud provider. + + + + + +- Select the rules or rule sets that you want to enforce. By enforcing a rule or rule set, you are ensuring that the policies defined in the rule or rule set are applied to the target accounts/project/subscription and regions. + + + +- Select the target accounts/project/subscription and target regions that you will be running the Enforcements on. +- Set the frequency from **Hourly**, **Daily**, or **Weekly** options. In case you select Daily or Weekly, specify the day, time, and time zone to run the rule on schedule. +- Toggle the **Dry Run** mode if you do not want to take action immediately. +- Select **Finish**. + + + + + +After setting up the schedule, you can view the Enforcement on the **Enforcements** page. 
+ + + +Furthermore, you can disable the Enforcement at any time using the toggle button in the **Status** column. If you want to turn off the dry-run mode, select **Edit** from the vertical ellipsis menu (⋮) then go to "Target And Schedule", use slider to turn off "Enforce Rule(s) in Dry Run mode" and click on Finish. + +#### Update/Delete an Enforcement + +- You can view any Enforcements on Rule Enforcements page. Click on the enforcement to view details such as the rules, target accounts, and regions included in the enforcement. For updating, you can use the "Edit" button from the vertical ellipsis menu (⋮) to update the enforcements as per your convenience. + +- To delete an enforcement, simply click on “Delete” from the vertical ellipsis menu (⋮). + + + + + + + +## Evaluations + +Evaluations include all the data about enforcements run (both RUN ONCE from rule editor and from Enforcement). The Evaluations window also shows you the total cost impact with each Enforcement i.e. the costs or spendings associated with each Evaluation along with the last time that Rule/Rule set was enforced. With Evaluations, you can view and audit all the Enforcements that ran in the past. + +Harness CCM also supports multiple statuses for evaluations. Currently CCM supports three statuses for an evaluation: + +- Success: If the evaluation is completed without any errors, the status of the evaluation is shown as "Successful". +- Failure: If the evaluation is not completed and has errors, the status of the evaluation is shown as "Failure". +- Partial Success: If the evaluation is successful without any Harness errors but Cloud Custodian has additional logs and/or in case of multi-policy evaluations, if the evaluation was successful only for a subset of resources, the status is shown as "Partial Success". + + + +#### View Evaluations + +1. In your **Harness** application, go to **Cloud Costs**. +2. Select **Asset Governance**. +3. Select **Evaluations**. +4. 
You can see all the Evaluations of Rules listed on the window. +4. Select the rule for which you want to view the Evaluation details. The target subscription, region, identified resources and evaluation logs are displayed. + +In the output window, users can see the resources identified in form of a Table or JSON. The table view supports all the filters and flattening of the table is supported as well. That essentially means, nested propoerties are flattened. By default, nested objects and arrays are collapsed and can be expanded upto two levels. Further nested properties are shown as formatted JSON. + + + +#### Filters in Evaluations List Page + +You can create filters to view selected rules: + +1. Select the filter icon. +2. Enter a name. +3. Select who can edit and view the filter. +4. Select one or more of the following criteria to filter the results: + * Rules + * Rule Sets + * Enforcements + * Minimum Cost Impact ($) + * Cloud Provider + * Azure Filters + - Azure Subscription + - Target Regions + +5. Select **Apply**. + + + +:::important note +Number of evaluations for which we can compute cost impact is 1,50,000/ Day. +::: + +### Bulk Export Evaluations + +Use **Bulk Export** to download up to 100 evaluation results (AWS, GCP, or Azure) in a single ZIP file. Export is available when all selected evaluations are in a terminal state (Succeeded or Failed). + +**How to export** +1. Click **Export**. +2. Choose the artefacts to include: + - `metadata.json`: summary of each evaluation + - `resources.json`: resources identified + - `custodian-run.log`: execution log + - `actioned-resources.json`: resources acted on +3. Click **Generate Report**. + +The ZIP file is organised by evaluation ID (or by policy sub-folders for multi-policy runs) so you can quickly locate results. You can also export from the **Test Terminal** when evaluating multiple targets. 
+ + + + + + +--------- + +## Asset Governance Overview Page + +Here is an in-depth explanation of the Overview page and the information it displays for the users: + + + + + +- **Total Evaluations**: The total number of evaluations performed to date. +- **Total Enforcements**: The total number of active enforcements created to date. +- **Total Savings**: The total cost savings achieved from day one to date. +- **Savings in Timeframe**: The total cost savings achieved in the timeframe selected. +- **FinOps Agent Suggested Actions**: The number of suggested actions by our intelligent FinOps Agent. +- **Evaluations in Timeframe**: Harness supports multiple statuses for Evaluations. The overview page now displays a detailed breakdown of evaluation counts by status. - Total Evaluations: The total number of evaluations in the timeframe selected. - Success Evaluations: Total number of evaluations with status as "Successful". - Failure Evaluations: Total number of evaluations with status as "Failure". - Partial Success Evaluations: Total number of evaluations with status as "Partial Success". +- **Savings Breakdown**: A granular graph that shows savings breakdown across different cloud providers and resources. You can see savings broken down by: +- **Cloud Provider**: This shows total cost savings for each cloud provider. +- **Evaluations Trend** - This graph shows evaluations performed per day in the selected timeframe. If timeframe is selected for more than 2 months, the evaluations are shown per month in the selected timeframe. Also, evaluations along with their status i.e. "Success", "Partial Success" and "Failed" are shown. +- **Rules Generating Recommendations**: This section displays all governance rules that are configured to generate actionable cost optimization recommendations. You can convert any existing governance rule into a recommendation source by enabling it in this section. 
For each rule, you can specify targeted application (all cloud accounts or specific accounts only), set recommendation priority levels, and define potential savings thresholds. These recommendations will then appear in both the Governance dashboard and the centralized CCM Recommendations hub for streamlined cost optimization. + +- **Alerts** : Alerts allow you to receive notifications when certain conditions are met during governance evaluations. These conditions can be fine-tuned based on cloud providers, resource types, account/subscription/project , cost impact, and resource count. +You can create alerts by defining the following parameters: + - **Cloud Provider** : Choose the cloud platform(s) where the policy evaluation should trigger an alert: **AWS**, **GCP**, or **Azure**. + - **Resource Type** : Select the type of resources to monitor. These are defined based on [Cloud Custodian](https://cloudcustodian.io/) resource types. + - **Accounts / Subscriptions / Projects** : Specify the scope of the alert: **AWS accounts**, **Azure subscriptions**, or **GCP projects**. + - **Minimum Resource Count** : Set the threshold for the number of resources. + - **Minimum Cost Impact** : Set minimum cost impact associated with an evaluation. + - **Specify Alert Channels**: Enter one or more email addresses to receive alert notifications. + - **Attach Evaluation Output**: Enable this to **attach a `.json` file** containing the full evaluation output in the email. Useful for automated analysis or deep dives. + +:::note +- **Granular RBAC for Governance Alerts**: You can assign granular permissions for Governance Alerts to specific resource groups and roles, enabling more precise access control. + + **For Resource Groups:** + 1. Navigate to **Account Settings** > **Access Control** > **Resource Groups** + 2. Select an existing Resource Group or create a new one + 3. Enable the **Cloud Asset Governance Alerts** permission + 4. 
Choose between **All** alerts or **Specified** alerts for more granular control + + + + **For Roles:** + 1. Navigate to **Account Settings** > **Access Control** > **Roles** + 2. Select an existing Role or create a new one + 3. Enable the **Cloud Asset Governance Alerts** permission + 4. Assign specific permissions such as **View** or **Edit/Delete** + + +::: + + + + + + +- **Recommendations** - Governance Overview displays a list of all recommendations that can help optimize the cloud assets and minimize cloud costs. Governance Overview highlights the total potential savings that can be achieved if all recommendations are applied. + Additional to this, for each recommendation, Harness shows more details like: + - **Potential Monthly Savings**: Monthly cost savings that can be realized if the recommendations are applied. + - **Potential Monthly Spend**: Potential Monthly Spend is the monthly spend for all the resources that surfaced out as part of recommendations. Why potential? Because the resource might be newly added and Harness looks at the last 30 days of cost data which might not be present for all the days for newly created resources. + - **Resource Count**: Number of resources to which the recommendation will be applied. + - **Ignored list tag** if the recommendation is added to the "Ignored list". - Option to **view details** about the recommendation like which Account (in case of Azure, AWS)/ Project (in case of GCP), resource (AWS, Azure) the recommendation was applied to, the enforcements, etc. + - **Custom Recommendations**: All Custom Recommendations show up with a "Custom" badge after successful creation. + + :::important note + - In case of AWS and Azure, Account/ Subscription and region combination with greater than 300$ of monthly spend are considered for recommendations. + - In case of GCP, Project with greater than 300$ of monthly spend is considered for recommendations. + ::: + +To apply a recommendation, select the row. 
The recommendation opens on the **Recommendations** page. To learn how to enforce this recommendation, go to Governance recommendations.
+
+You can see a list of all recommendations offered by Harness for each Cloud provider here:
+
+- [Asset Governance recommendations for AWS](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/aws/AWS-recommendations)
+- [Asset Governance recommendations for Azure](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/azure/azure-recommendations)
+- [Asset Governance recommendations for GCP](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations)
+
+
+
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/_category_.json
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/_category_.json
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/_category_.json
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/recommendations.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/recommendations.md
new file mode 100644
index 00000000000..94b888a6c47
--- /dev/null
+++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/recommendations.md
@@ -0,0 +1,1547 @@
+---
+title: Governance Recommendations
+description: This topic describes how to optimize cloud costs using asset governance.
+# sidebar_position: 2
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+Recommendations help kickstart your journey with governance. Essentially, Harness run certain policies behind the scenes to generate recommendations for your governance-enabled AWS accounts. These policies not only help to cut costs but also increase the efficiency of your system. On the Governance Overview page, Harness showcases recommendations that will benefit you to save costs on associated resources. You can click on any recommendation to view its details.
+
+
+## Recommendations By Harness
+
+Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, project-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale.
+
+
+
+
+
+Recommendation:delete-unattached-aws-ebs
+
+**Description:** Delete all ebs volumes which are unattached
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unattached-aws-ebs
+ resource: ebs
+ filters:
+ - Attachments: []
+ - State: available
+ actions:
+ - delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```ec2:DetachVolume```
+ - ``` ec2:DescribeVolumes```
+- **Run Once:**
+ - ```ec2:DetachVolume```
+ - ```ec2:DeleteVolume```
+ - ```ec2:DescribeVolumes```
+
+---
+
+
+
+Recommendation: list-low-request-count-aws-elb
+
+**Description:** List ELBs with low request count
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-low-request-count-aws-elb
+ resource: elb
+ description: List ELBs with low request count
+ filters:
+ - type: metrics
+ name: RequestCount
+ statistics: Sum
+ days: 7
+ value: 7
+ missing-value: 0
+ op: less-than
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```cloudwatch:GetMetricData```
+ - ```elasticloadbalancing:DescribeLoadBalancers```
+
+- **Run Once:**
+ - ```cloudwatch:GetMetricData```
+ - ```elasticloadbalancing:DescribeLoadBalancers```
+
+---
+
+
+Recommendation: migrate-gp2-to-gp3-aws-ebs
+
+**Description:** Migrate gp2 volumes to gp3
+
+**Policy Used:**
+```yaml
+policies:
+ - name: migrate-gp2-to-gp3-aws-ebs
+ resource: ebs
+ filters:
+ - VolumeType: gp2
+ - modifyable
+ actions:
+ - type: modify
+ volume-type: gp3
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. Then, 20% of that sum is taken as the savings.
+
+Ref: https://aws.amazon.com/blogs/storage/migrate-your-amazon-ebs-volumes-from-gp2-to-gp3-and-save-up-to-20-on-costs/
+
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```ec2:DescribeVolumeAttribute```
+ - ```ec2:DescribeVolumesModifications```
+- **Run Once:**
+ - ```ec2:DescribeVolumeAttribute```
+ - ```ec2:ModifyVolumeAttribute```
+ - ```ec2:DescribeVolumesModifications```
+
+---
+
+
+Recommendation: delete-volume-absent-aws-ebs-snapshot
+
+**Description:** Delete snapshots with no volumes
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-volume-absent-aws-ebs-snapshot
+ description: Find any snapshots that do not have a corresponding volume.
+ resource: aws.ebs-snapshot
+ filters:
+ - type: volume
+ key: VolumeId
+ value: absent
+ actions:
+ - delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```ec2:DescribeVolumes```
+- **Run Once:**
+ - ```ec2:DescribeVolumes```
+ - ```ec2:DeleteSnapshot```
+
+---
+
+
+Recommendation: stop-unused-aws-rds
+
+**Description:** Stop unused RDS database
+
+**Policy Used:**
+```yaml
+ policies:
+ - name: stop-unused-aws-rds
+ resource: rds
+ description: Stop unused RDS database
+ filters:
+ - type: value
+ key: DBInstanceStatus
+ value: available
+ - type: metrics
+ name: DatabaseConnections
+ statistics: Sum
+ days: 7
+ value: 0
+ op: equal
+ actions:
+ - stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```rds:DescribeDBInstances```
+- **Run Once:**
+ - ```rds:DescribeDBInstances```
+ - ```rds:StopDBInstance```
+
+---
+
+
+Recommendation: delete-unused-aws-elb
+
+**Description:** Delete unused ELB
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unused-aws-elb
+ resource: elb
+ filters:
+ - Instances: []
+ actions:
+ - delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```elasticloadbalancing:DescribeLoadBalancers```
+- **Run Once:**
+ - ```elasticloadbalancing:DescribeLoadBalancers```
+ - ```elasticloadbalancing:DeleteLoadBalancer```
+
+---
+
+
+Recommendation: release-unattached-aws-elastic-ip
+
+**Description:** Release unattached Elastic IPs
+
+**Policy Used:**
+```yaml
+policies:
+ - name: release-unattached-aws-elastic-ip
+ resource: aws.elastic-ip
+ filters:
+ - AssociationId: absent
+ actions:
+ - release
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```ec2:DescribeAddresses```
+- **Run Once:**
+ - ```ec2:DescribeAddresses```
+ - ```ec2:ReleaseAddress```
+
+---
+
+
+Recommendation: delete-underutilized-aws-cache-cluster
+
+**Description:** Delete underutilized cache cluster with CPU utilization less than 5% in the last 7 days.
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-underutilized-aws-cache-cluster
+ resource: cache-cluster
+ description: |
+ Delete underutilised cache cluster with CPU utilisation less than 5% in last 7 days
+ filters:
+ - type: metrics
+ name: CPUUtilization
+ days: 7
+ period: 86400
+ value: 5
+ op: less-than
+ actions:
+ - type: delete
+ skip-snapshot: false
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```elasticache:DescribeCacheClusters```
+- **Run Once:**
+ - ```elasticache:DescribeCacheClusters```
+ - ```elasticache:DeleteCacheCluster```
+ - ```elasticache:DeleteReplicationGroup```
+
+
+
+Recommendation: configure-lifecycle-aws-s3
+
+**Description:** Configure lifecycle for S3 buckets wherever it is absent which would help to reduce storage spend
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: configure-lifecycle-aws-s3
+ resource: aws.s3
+ description: |
+ Configure lifecycle for s3 buckets wherever it is absent which would help to reduce storage spend
+ filters:
+ - type : value
+ key : Lifecycle
+ value : absent
+ actions:
+ - type: configure-lifecycle
+ rules:
+ - ID: harness-default-lifecycle
+ Status: Enabled
+ Filter:
+ Prefix: ''
+ Expiration:
+ ExpiredObjectDeleteMarker: True
+ AbortIncompleteMultipartUpload:
+ DaysAfterInitiation: 7
+ NoncurrentVersionExpiration:
+ NoncurrentDays: 30
+ NewerNoncurrentVersions: 6
+```
+
+
+**Savings Computed**:
+To estimate the percentage cost savings from the given S3 lifecycle policies, we need to look at the specific actions and apply some reasonable assumptions. Here's a step-by-step approach:
+
+1. Abort Incomplete Multipart Uploads after 7 days:
+- Assumption: 5% of all uploads are incomplete and are not cleaned up without this policy.
+- Cost Impact: Each incomplete multipart upload that is aborted saves the storage cost of the data uploaded so far.
+
+2. Expire Noncurrent Versions after 30 days (keeping 6 versions):
+- Assumption: Each object has, on average, 10 noncurrent versions stored. Expiring noncurrent versions after 30 days, keeping only the latest 6, will delete 4 out of every 10 noncurrent versions.
+- Cost Impact: Deleting 40% of noncurrent versions reduces the total storage used by these versions.
+
+**Example Calculation**
+
+Let's assume the following for a single S3 bucket:
+
+**Total Storage Used**: 1 TB (1,024 GB) in the S3 Standard storage class.
+
+**Storage Distribution:**
+- Current versions: 50% (512 GB)
+- Noncurrent versions: 40% (410 GB)
+- Incomplete multipart uploads: 10% (102 GB)
+
+**Calculations:**
+
+
+
+**Total Savings**
+
+
+References:
+- [AWS S3 Lifecycle Policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+- [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/)
+- [Managing S3 Costs](https://aws.amazon.com/blogs/storage/optimizing-costs-with-amazon-s3-lifecycle-configurations/)
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```s3:GetLifecycleConfiguration```
+- **Run Once:**
+ - ```s3:GetLifecycleConfiguration```
+ - ```s3:PutLifecycleConfiguration```
+
+
+
+Recommendation: set-intelligent-tiering-aws-s3 + +**Description:** Configure intelligent tiering for S3 buckets wherever it is disabled which would help to reduce storage spend. + +**Policy Used:** + +```yaml +policies: + - name: set-intelligent-tiering-aws-s3 + resource: aws.s3 + description: | + Configure intelligent tiering for s3 buckets wherever it is disabled which would help to reduce storage spend. + filters: + - not: + - type: intelligent-tiering + attrs: + - Status: Enabled + actions: + - type: set-intelligent-tiering + Id: harness-default + IntelligentTieringConfiguration: + Id: harness-default + Status: Enabled + Tierings: + - Days: 90 + AccessTier: ARCHIVE_ACCESS + - Days: 180 + AccessTier: DEEP_ARCHIVE_ACCESS +``` + +**Savings Computed:** +- **Frequent Access Tier:** This tier is equivalent in cost to the standard S3 storage, so no savings here. +- **Infrequent Access Tier:** Data not accessed for 30 days moves here, saving approximately 45% compared to standard S3 storage​. +- **Archive Instant Access Tier:** Data not accessed for 90 days moves here, with savings of up to 68% compared to standard storage​. +- **Archive Access Tier:** If configured, data not accessed for 90 days can move here, offering around 71% savings​. +- **Deep Archive Access Tier:** Data not accessed for 180 days can be moved to this tier, providing up to 95% savings. + +**Example Calculation** + +Assume you have 1 TB of data stored in S3 standard storage: + + + +**Example Scenario** + +If 20% of your data transitions to the Infrequent Access tier after 30 days, 20% moves to Archive Access after 90 days, and 10% moves to Deep Archive Access after 180 days, your costs might look like this: + + + + This results in a cost savings of approximately 32.76% compared to keeping all data in standard S3 storage ($23.00 per month vs. $15.463 per month). 
+
+ References:
+ - [AWS intelligent tiering](https://aws.amazon.com/s3/storage-classes/intelligent-tiering/)
+ - [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/)
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```s3:GetBucketIntelligentTieringConfiguration```
+- **Run Once:**
+ - ```s3:GetBucketIntelligentTieringConfiguration```
+ - ```s3:PutIntelligentTieringConfiguration```
+
+
+
+Recommendation: delete-underutilized-aws-redshift
+
+**Description:** Delete any Amazon Redshift cluster where CPU Utilization has been less than 5% for the last 7 days
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-underutilized-aws-redshift
+ resource: redshift
+ description: |
+ Delete redshift cluster where CPU Utilization is less than 5% for last 7 days
+ filters:
+ - type: metrics
+ name: CPUUtilization
+ days: 7
+ period: 86400
+ value: 5
+ op: less-than
+ actions:
+ - delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```redshift:DescribeClusters```
+- **Run Once:**
+ - ```redshift:DescribeClusters```
+ - ```redshift:DeleteCluster```
+
+
+
+Recommendation: delete-old-manual-aws-redshift-snapshot
+
+**Description:** Delete all redshift snapshots older than 35 days with a lifetime retention period
+
+**Policy Used:**
+
+```yaml
+
+policies:
+ - name: delete-old-manual-aws-redshift-snapshot
+ resource: redshift-snapshot
+ description: |
+ Delete all redshift snapshot older than 35 days with lifetime retention period
+ filters:
+ - "ManualSnapshotRetentionPeriod": -1
+ - type: age
+ days: 35
+ op: gt
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```redshift:DescribeClusterSnapshots```
+- **Run Once:**
+ - ```redshift:DeleteClusterSnapshot```
+ - ```redshift:DescribeClusterSnapshots```
+
+
+
+Recommendation: delete-empty-aws-dynamodb-table
+
+**Description:** Delete DyanmoDB tables which are empty
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-empty-aws-dynamodb-table
+ resource: dynamodb-table
+ description: |
+ Delete DyanmoDB tables which are empty
+ filters:
+ - TableSizeBytes: 0
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-stale-aws-log-group
+
+**Description:** Delete stale cloud watch log groups
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-stale-aws-log-group
+ resource: log-group
+ description: |
+ Delete stale cloud watch log groups
+ filters:
+ - type: last-write
+ days: 60
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-stale-aws-rds-snapshot
+
+**Description:** Delete all stale(older than 28 days) RDS snapshots
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-stale-aws-rds-snapshot
+ resource: rds-snapshot
+ description: |
+ Delete all stale(older than 28 days) RDS snapshots
+ filters:
+ - type: age
+ days: 28
+ op: ge
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unencrypted-aws-firehose
+
+**Description:** Delete Firehose which are not encrypted
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unencrypted-aws-firehose
+ resource: firehose
+ description: |
+ Delete Firehose which are not encrypted
+ filters:
+ - KmsMasterKeyId: absent
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unencrypted-aws-sqs
+
+**Description:** Delete SQS which are not encrypted
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unencrypted-aws-sqs
+ resource: sqs
+ description: |
+ Delete SQS which are not encrypted
+ filters:
+ - KmsMasterKeyId: absent
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unused-aws-nat-gateway
+
+**Description:** Delete unused NAT Gateways based on no associated traffic in past 7 days.
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unused-aws-nat-gateway
+ resource: nat-gateway
+ description: |
+ Delete unused NAT Gateways based on no associated traffic in past 7 days.
+ filters:
+ - type: metrics
+ name: BytesOutToDestination
+ statistics: Sum
+ period: 86400
+ days: 7
+ value: 0
+ op: eq
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+
+
+
+
+Recommendation: delete-idle-gcp-image
+
+**Description:** Delete GCP recommended idle images
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-idle-gcp-image
+ description: |
+ Delete GCP images which are not used to create a disk for at least 15 days and not used in any instance template.
+ These idle images are fetched from GCP recommender.
+ resource: gcp.image
+ filters:
+ - type: recommend
+ id: google.compute.image.IdleResourceRecommender
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run: `recommender.computeImageIdleResourceRecommendations.list`
+- Run Once:
+ - `recommender.computeImageIdleResourceRecommendations.list`
+ - `compute.images.delete`
+
+---
+
+
+Recommendation: delete-never-attached-gcp-disk
+
+**Description:** Delete GCP recommended idle persistent disks which were never attached to a VM and is blank
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-never-attached-gcp-disk
+ description: |
+ Delete GCP disks which are created at least 15 days ago and never attached to a VM and is blank.
+ These idle disks are fetched from GCP recommender.
+ resource: gcp.disk
+ filters:
+ - type: recommend
+ id: google.compute.disk.IdleResourceRecommender
+ - type: value
+ key: lastAttachTimestamp
+ value:
+ op: eq
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run: `recommender.computeDiskIdleResourceRecommendations.list`
+- Run Once:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+ - `compute.disks.delete`
+
+---
+
+
+Recommendation: stop-forever-running-gcp-instance
+
+**Description:** Stop the gcp instances that have an uptime greater than 30 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-forever-running-gcp-instance
+ description: |
+ Stop the gcp instances that have an uptime greater than 30 days.
+ resource: gcp.instance
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/uptime_total
+ aligner: ALIGN_NONE
+ value: 2592000
+ op: greater-than
+ - type: value
+ key: status
+ value: "RUNNING"
+ op: eq
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+ - `compute.instances.stop`
+
+---
+
+
+Recommendation: delete-old-gcp-snapshot
+
+**Description:** Delete gcp snapshots older than 14 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-old-gcp-snapshot
+ resource: gcp.snapshot
+ description: |
+ Delete gcp snapshots older than 14 days.
+ filters:
+ - type: value
+ key: creationTimestamp
+ op: greater-than
+ value_type: age
+ value: 14
+ actions:
+ type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.snapshots.list`
+
+- Run Once:
+ - `compute.snapshots.list`
+ - `compute.snapshots.delete`
+
+---
+
+
+Recommendation: stop-underutilized-gcp-instance
+
+**Description:** Stop underutilised instances with average CPU utilisation less than 5% in last 3 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-underutilized-gcp-instance
+ resource: gcp.instance
+ description: Stop underutilised instances with average CPU utilisation less than 5% in last 3 days
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/cpu/utilization
+ aligner: ALIGN_MEAN
+ days: 3
+ value: 5
+ op: less-than
+ - type: value
+ key: status
+ value: "RUNNING"
+ op: eq
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+ - `compute.instances.stop`
+
+---
+
+
+
+Recommendation: stop-underutilized-gcp-sql-instance
+
+**Description:** Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-underutilized-gcp-sql-instance
+ resource: gcp.sql-instance
+ description: |
+ Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days
+ filters:
+ - type: metrics
+ name: cloudsql.googleapis.com/database/cpu/utilization
+ aligner: ALIGN_MEAN
+ days: 3
+ value: 5
+ op: less-than
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `cloudsql.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `cloudsql.instances.list`
+ - `monitoring.timeSeries.list`
+ - `cloudsql.instances.update`
+
+---
+
+
+Recommendation: snapshot-and-delete-unattached-gcp-disk
+
+**Description:** Snapshot and delete GCP recommended idle persistent disks which are unattached
+
+**Policy Used:**
+```yaml
+policies:
+ - name: snapshot-and-delete-unattached-gcp-disk
+ description: |
+ Snapshot and delete GCP disks which are detached for at least 15 days.
+ These idle disks are fetched from GCP recommender.
+ resource: gcp.disk
+ filters:
+ - type: recommend
+ id: google.compute.disk.IdleResourceRecommender
+ - type: value
+ key: lastAttachTimestamp
+ value:
+ op: ne
+ actions:
+ - type: snapshot
+ name_format: "{disk[name]:.50}-{now:%Y-%m-%d}"
+ - type: delete
+
+```
+
+**Savings Computed:** Savings are considered as 35% of the total cost. Implementing this recommendation would result in 35% to 92% reduction in the maintenance cost of that disk. Thus, we have considered the minimum savings achievable, which is 35%. Ref: https://cloud.google.com/compute/docs/viewing-and-applying-idle-resources-recommendations
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+
+- Run Once:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+ - `compute.disks.delete`
+
+---
+
+
+Recommendation: delete-idle-gcp-gke-cluster
+
+**Description:** List GCP Idle GKE Clusters Recommendations
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-idle-gcp-gke-cluster
+ description: |
+ List GCP Idle GKE Clusters Recommendations
+ resource: gcp.gke-cluster
+ filters:
+ - type: recommend
+ id: google.container.DiagnosisRecommender
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.containerDiagnosisInsights.list`
+ - `container.clusters.list`
+
+- Run Once:
+ - `recommender.containerDiagnosisInsights.list`
+ - `container.clusters.list`
+ - `container.clusters.delete`
+
+---
+
+
+Recommendation: list-cost-recommendations-gcp-cloud-run-service
+
+**Description:**
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-cost-recommendations-gcp-cloud-run-service
+ resource: gcp.cloud-run-service
+ description: |
+ List Cloud Run CPU Allocation Recommendations
+ filters:
+ - type: recommend
+ id: google.run.service.CostRecommender
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.runServiceCostRecommendations.list`
+ - `run.services.list`
+
+- Run Once:
+ - `recommender.runServiceCostRecommendations.list`
+ - `run.services.list`
+
+---
+
+
+Recommendation: list-unused-gcp-bq-dataset
+
+**Description:** List BigQuery datasets that haven't been accessed in the last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-unused-gcp-bq-dataset
+ resource: gcp.bq-dataset
+ description: |
+ List BigQuery datasets that haven't been accessed in the last 7 days.
+ filters:
+ - type: value
+ key: lastModifiedTime
+ op: less-than
+ value_type: age
+ value: 7
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `bigquery.datasets.get`
+
+- Run Once:
+ - `bigquery.datasets.get`
+
+---
+
+
+Recommendation: delete-unused-gcp-function
+
+**Description:** Delete Cloud Functions that haven't been invoked in the last 7 days to reduce costs.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unused-gcp-function
+ resource: gcp.function
+ description: >
+ Delete Cloud Functions that haven't been invoked in the last 7 days to
+ reduce costs.
+ filters:
+ - type: metrics
+ name: cloudfunctions.googleapis.com/function/execution_count
+ metric-key: resource.labels.function_name
+ days: 7
+ value: 0
+ op: eq
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `cloudfunctions.functions.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `cloudfunctions.functions.list`
+ - `cloudfunctions.functions.delete`
+
+---
+
+
+Recommendation: list-under-utilized-gcp-bucket
+
+**Description:** List low utilized gcp buckets in last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-under-utilized-gcp-bucket
+ description: |
+ List low utilized gcp buckets in last 7 days.
+ resource: gcp.bucket
+ filters:
+ - type: metrics
+ name: storage.googleapis.com/network/sent_bytes_count
+ aligner: ALIGN_COUNT
+ days: 7
+ value: 1024
+ op: less-than
+ missing-value: 0
+ - type: metrics
+ name: storage.googleapis.com/network/received_bytes_count
+ aligner: ALIGN_COUNT
+ days: 7
+ value: 1024
+ op: less-than
+ missing-value: 0
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `storage.buckets.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `storage.buckets.list`
+
+---
+
+
+Recommendation: list-hanged-gcp-dataflow-job
+
+**Description:** List Dataflow jobs that have been in an hanged state for more than 1 day.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-hanged-gcp-dataflow-job
+ resource: gcp.dataflow-job
+ description: List Dataflow jobs that have been in an hanged state for more than 1 day.
+ filters:
+ - type: value
+ key: startTime
+ op: greater-than
+ value_type: age
+ value: 1
+ - type: value
+ key: currentState
+ value:
+ - JOB_STATE_RUNNING
+ - JOB_STATE_DRAINING
+ - JOB_STATE_CANCELLING
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `dataflow.jobs.list`
+
+- Run Once:
+ - `dataflow.jobs.list`
+
+---
+
+
+Recommendation: delete-under-utilized-gcp-loadbalancer-address
+
+**Description:** Delete all load balancers with low utilizations, where packet count is less than 1000 in the last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-under-utilized-gcp-loadbalancer-address
+ resource: gcp.loadbalancer-address
+ description: >
+ Delete all low utilized load balancers where packet count is less than
+ 1000 in last 72 hours
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/network/received_packets_count
+ metric-key: metric.labels.instance_name
+ aligner: ALIGN_COUNT
+ days: 3
+ value: 1000
+ op: le
+ actions:
+ - type: delete
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `compute.addresses.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `compute.addresses.list`
+ - `compute.addresses.delete`
+
+---
+
+
+Recommendation: list-under-utilized-gcp-redis
+
+**Description:** List Redis instances with less than 5% CPU utilization over the last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-under-utilized-gcp-redis
+ resource: gcp.redis
+ description: List Redis instances with less than 5% CPU utilization in last 7 days
+ filters:
+ - type: metrics
+ name: redis.googleapis.com/stats/cpu_utilization
+ metric-key: resource.labels.instance_id
+ days: 7
+ value: 0.05
+ op: lte
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `redis.instances.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `redis.instances.list`
+
+---
+
+
+
+### GCP Resource Coverage (Examples)
+
+- Compute Engine instances
+- Cloud Storage buckets
+- App Engine applications
+- Cloud SQL instances
+- Cloud IAM policies
+
+For a comprehensive list of all supported GCP resources, refer to the [GCP Resource Reference — Cloud Custodian documentation](https://cloudcustodian.io/docs/gcp/resources/index.html).
+
+
+
+
+
+Recommendation: delete-low-utilized-azure-cosmodb
+
+**Description:** Delete low utilised CosmosDB based on total requests in last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-cosmodb
+ resource: azure.cosmosdb
+ description: |
+ Delete low utilised CosmosDB based on total requests in last 72 hours
+ filters:
+ - type: metric
+ metric: TotalRequests
+ op: le
+ aggregation: total
+ threshold: 1000
+ timeframe: 72
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-unattached-azure-disk
+**Description:** Delete all unattached disks.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unattached-azure-disk
+ resource: azure.disk
+ description: |
+ Delete all unattached disks
+ filters:
+ - type: value
+ key: properties.diskState
+ value: Unattached
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-low-utilized-azure-load-balancer +**Description:** Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: delete-low-utilized-azure-load-balancer + resource: azure.loadbalancer + description: | + Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours + filters: + - type: metric + metric: PacketCount + op: le + aggregation: total + threshold: 1000 + timeframe: 72 + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-orphaned-azure-networkinterface +**Description:** Delete network interface which are not attached to virtual machine. + +**Policy Used:** +```yaml +policies: + - name: delete-orphaned-azure-networkinterface + resource: azure.networkinterface + description: | + Delete network interface which are not attached to virtual machine + filters: + - type: value + key: properties.virtualMachine + value: null + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: stop-underutilized-azure-vm +**Description:** Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: stop-underutilized-azure-vm + resource: azure.vm + description: | + Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours + filters: + - type: metric + metric: Percentage CPU + op: le + aggregation: average + threshold: 5 + timeframe: 72 + actions: + - type: stop +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-low-utilized-azure-keyvault +**Description:** Delete KeyVaults with less than 10 API hits in last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: delete-low-utilized-azure-keyvault + resource: azure.keyvault + description: | + Delete KeyVaults with less than 10 API hits in last 72 hours + filters: + - type: metric + metric: ServiceApiHit + aggregation: total + op: lt + threshold: 10 + timeframe: 72 + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-low-utilized-azure-sqlserver +**Description:** Delete SQL servers with less than 10% average DTU consumption over last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: delete-low-utilized-azure-sqlserver + resource: azure.sqlserver + description: | + Delete SQL servers with less than 10% average DTU consumption over last 72 hours + filters: + - type: metric + metric: dtu_consumption_percent + aggregation: average + op: lt + threshold: 10 + timeframe: 72 + filter: "DatabaseResourceId eq '*'" + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-unattached-azure-publicip +**Description:** Delete public ip which are not attached to any network interface. + +**Policy Used:** +```yaml +policies: + - name: delete-unattached-azure-publicip + resource: azure.publicip + description: | + Delete public ip which are not attached to any network interface + filters: + - type: value + key: properties.ipConfiguration + value: null + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-low-utilized-azure-datalake +**Description:** Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: delete-low-utilized-azure-datalake + resource: azure.datalake + description: | + Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours + filters: + - or: + - type: metric + metric: ReadRequests + op: le + aggregation: total + threshold: 1000 + timeframe: 72 + - type: metric + metric: WriteRequests + op: le + aggregation: total + threshold: 100 + timeframe: 72 + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-unused-azure-postgresql-server +**Description:** Delete PostgreSQL Servers that have had zero active connections in the last 72 hours. + +**Policy Used:** +```yaml +policies: + - name: delete-unused-azure-postgresql-server + resource: azure.postgresql-server + description: | + Delete PostgreSQL Servers that have had zero active connections in the last 72 hours + filters: + - type: metric + metric: active_connections + op: eq + threshold: 0 + timeframe: 72 + actions: + - type: delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+
+Recommendation: delete-orphaned-azure-appserviceplan +**Description:** Delete orphaned(numberOfSites=0) application service plan + +**Policy Used:** +```yaml +policies: + - name: delete-orphaned-azure-appserviceplan + resource: azure.appserviceplan + description: | + Delete orphaned(numberOfSites=0) application service plan + filters: + - type: value + key: properties.numberOfSites + op: eq + value: 0 + actions: + - delete +``` + +**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings. + +**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. + +--- +
+ +
+
+ +----------- + +## Rules Generating Recommendations + +The "Rules Generating Recommendations" tab shows all the rules you’ve turned on to generate recommendations. Every day, our system runs these rules across your main accounts and regions. The results are shown as recommendations, so you can track their full lifecycle from when they’re created to when they’re addressed. +The tab also gives you insights into the rules you’ve enabled. You can see a breakdown by account and region, including whether the rule ran successfully, had an error, or found resources that don’t have any savings attached. + +### Using Rules Generating Recommendations + +1. Navigate to the **Rules Generating Recommendations** > **+New Rule** to begin the process +2. Select a governance rule to generate recommendations +3. Configure the rule's scope: + - **All Accounts**: Apply the rule across your entire cloud infrastructure + - **Specific Accounts**: Target only selected cloud accounts for evaluation +4. Click **Generate Recommendations** to initiate the evaluation process + + + +After this, all the rules generating recommendations can be seen in the **Rules Generating Recommendations** tab alongwith last evaluation, recommendations, potential savings and success rate. If any connector and region combination encounters an issue, the system flags it with a Failed status. +The UI displays a detailed error message to assist in resolving the issue quickly. + +#### Status Breakdown: + +1. **Failed Status :** A failed status indicates one of the following scenarios: + +- Missing Permissions: The necessary permissions required for Harness to get or list resources are not provided. +- Harness Internal Error: A system-level issue occurred during processing. + +2. **Ignored Status :** An ignored status indicates one of the following scenarios: + +- No Cost Data Available: Billing connector setup at Harness is missing cost data for the target cloud account. 
+- Cost Threshold Not Met: Cost is less than $300 for the GCP project. +- Invalid Region: The regions found in cost data is not valid to run against Governance Rule. + +3. **Success Status :** A successful status indicates one of the following scenarios: + +- Recommendation Generated: The system successfully evaluated the rule and created a recommendation. +- No Resources in Evaluation: The rule was evaluated, but there were no resources found. +- Savings Below Threshold: A recommendation was generated, but the potential savings were calculated to be less than $10. + +--------- + +### Granular Recommendations + +Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, project-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale. + +#### Enabling Granular Recommendations + + + +Owing to this, now, while adding a recommendation to Ignore List, users have the option to specify the scope at which the users want to ignore the recommendation. +The scope can be either at: + +- Rule-level +- Rule-level + Project-level +- Rule-level + Project-level + Resource-level. 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/Ouputscreen.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/Ouputscreen.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/Ouputscreen.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/Ouputscreen.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/ag-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ag-overview.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/ag-overview.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ag-overview.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/ai-validation-error-banner.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ai-validation-error-banner.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/ai-validation-error-banner.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ai-validation-error-banner.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aida-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aida-overview.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aida-overview.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aida-overview.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/anatomy_of_a_rule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/anatomy-of-a-rule.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/anatomy_of_a_rule.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/anatomy-of-a-rule.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-gov-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-gov-enforcement.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-gov-enforcement.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-gov-enforcement.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-gov-eval.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-gov-eval.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-gov-eval.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-gov-eval.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-rule-creation.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-rule-creation.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-rule-creation.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-rule-creation.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-rule-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-rule-enforcement.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-rule-enforcement.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-rule-enforcement.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-test-output-error.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-test-output-error.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-test-output-error.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-test-output-error.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-valid-eval-output.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-valid-eval-output.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/asset-governance-valid-eval-output.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/asset-governance-valid-eval-output.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-alert.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-alert.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-alert.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-edit-json.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-edit-json.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-edit-json.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-edit-json.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-granular.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-granular.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-granular.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-missing-permission-role.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-missing-permission-role.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-missing-permission-role.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-missing-permission-role.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-select-policy.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-select-policy.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/aws-select-policy.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/aws-select-policy.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/azure-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/azure-alert.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/azure-alert.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/azure-alert.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/azure-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/azure-granular.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/azure-granular.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/azure-granular.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/bulk-export.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/bulk-export.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/bulk-export.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/bulk-export.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/cal1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/cal1.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/cal1.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/cal1.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/cal2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/cal2.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/cal2.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/cal2.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-another-rule.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-another-rule.gif
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-another-rule.gif
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-another-rule.gif
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-custom.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-custom.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-custom.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-custom.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-azure.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-azure.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-azure.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-enforcement-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create_enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create_enforcement.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-enforcement.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/create-new-rule-set.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/create-new-rule-set.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/custom-rec.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/custom-rec.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/custom-rec.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/custom-rec.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/custom-tab.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/custom-tab.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/custom-tab.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/custom-tab.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcement-new.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcement-new.png
new file mode 100644
index 00000000000..088a524e60a
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcement-new.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-azure.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-azure.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-azure.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements-list.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements-list.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/enforcements.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/enforcements.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-aws-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-aws-one.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-aws-one.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-aws-one.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-gcp-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-gcp-one.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-gcp-one.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-gcp-one.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluation-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluation-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-azure-table.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-azure-table.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-azure-table.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-azure-table.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-azure.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations-azure.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-azure.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page_aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page_aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page_gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page_gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations_page.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations-page.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/evaluations.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/evaluations.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/example1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/example1.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/example1.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/example1.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/example2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/example2.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/example2.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/example2.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evalaution-rules_aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evalaution-rules-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evalaution-rules_aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evalaution-rules-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evalaution-rules.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evalaution-rules.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evalaution-rules.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evalaution-rules.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evaluation-rules-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evaluation-rules-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/filter-evaluation-rules-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/filter-evaluation-rules-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finops-agent-suggestions.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finops-agent-suggestions.png
new file mode 100644
index 00000000000..f7244bb6d12
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finops-agent-suggestions.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finopsagent.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finopsagent.png
new file mode 100644
index 00000000000..86342ac0c8f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/finopsagent.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gcp-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gcp-alert.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gcp-alert.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gcp-alert.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gcp-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gcp-granular.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gcp-granular.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gcp-granular.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gen-ai-demo.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gen-ai-demo.gif
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gen-ai-demo.gif
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gen-ai-demo.gif
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-alert.png
new file mode 100644
index 00000000000..238d6d73f4f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-alert.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gov-alerts.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-alerts.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gov-alerts.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-alerts.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gov-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-overview.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/gov-overview.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/gov-overview.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governance-rule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governance-rule.png
new file mode 100644
index 00000000000..abccc3ac835
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governance-rule.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/governancerules-rbac.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governancerules-rbac.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/governancerules-rbac.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governancerules-rbac.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/governancerules.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governancerules.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/governancerules.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/governancerules.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/historical-2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/historical-2.png
new file mode 100644
index 00000000000..00b09f9f8e3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/historical-2.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/new-feature.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/new-feature.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/new-feature.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/new-feature.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ouputscreen.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ouputscreen.png
new file mode 100644
index 00000000000..6ea8cc27e66
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/ouputscreen.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminal.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminal.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminal.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminal.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminalAWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminalAWS.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminalAWS.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminalAWS.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminalGCP.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminalGCP.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/outputTerminalGCP.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputTerminalGCP.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminal.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminal.png
new file mode 100644
index 00000000000..2053b733b1d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminal.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalAWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalAWS.png
new file mode 100644
index 00000000000..9eb2d5cd706
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalAWS.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalaws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalaws.png
new file mode 100644
index 00000000000..9eb2d5cd706
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalaws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalgcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalgcp.png
new file mode 100644
index 00000000000..7fd6a0109de
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/outputterminalgcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/overview-copilot.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-copilot.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/overview-copilot.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-copilot.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-one.png
new file mode 100644
index 00000000000..00b09f9f8e3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-one.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-two.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-two.png
new file mode 100644
index 00000000000..02b52a11f57
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/overview-two.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/policy_comparison.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/policy-comparison.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/policy_comparison.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/policy-comparison.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rbac-alerts.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rbac-alerts.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rbac-alerts.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rbac-alerts.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rg-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rg-granular.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rg-granular.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rg-granular.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rgr.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rgr.png
new file mode 100644
index 00000000000..0815d3e0790
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rgr.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/roles-rbac.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/roles-rbac.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/roles-rbac.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/roles-rbac.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-enforcements-page.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-enforcements-page.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-enforcements-page.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-enforcements-page.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example_AWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-AWS.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example_AWS.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-AWS.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-aws.png
new file mode 100644
index 00000000000..7b5d4466c0f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example_gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example_gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule_example.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-example.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-new.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-new.png
new file mode 100644
index 00000000000..95e104afbd2
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-new.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-set.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-set.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-azure.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-azure.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-azure.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rule-window-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rule-window-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-aws-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-aws-selection.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-aws-selection.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-aws-selection.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-azure-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-azure-selection.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-azure-selection.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-azure-selection.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-gcp-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-gcp-selection.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/rules-gcp-selection.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-gcp-selection.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-generating-rec.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-generating-rec.png
new file mode 100644
index 00000000000..060eaa542fd
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/rules-generating-rec.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/savings1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/savings1.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/savings1.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/savings1.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/select-rules-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/select-rules-enforcement.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/select-rules-enforcement.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/select-rules-enforcement.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-azure.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-azure.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-azure.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/set-up-schedule.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/set-up-schedule.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-enforcement.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-enforcement.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete-ruleset.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete-ruleset.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/update-and-delete.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/update-and-delete.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-desc-ai.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-desc-ai.gif
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-desc-ai.gif
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-desc-ai.gif
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set-aws.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set-aws.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set-aws.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set-gcp.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set-gcp.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set-gcp.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set.png
similarity index 100%
rename from docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/static/view-rule-set.png
rename to docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new/static/view-rule-set.png
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/1-asset-governance.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/1-asset-governance.md
new file mode 100644
index 00000000000..37334e05336
--- /dev/null
+++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/1-asset-governance.md
@@ -0,0 +1,312 @@ +--- +title: Get Started +description: This topic talks about Harness cloud asset governance. +sidebar_position: 2 +--- +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +- **[Configure CCM Connector](/docs/cloud-cost-management/get-started/#aws)** + - Navigate to **Setup** > **Cloud Providers** > **Add a Connector** + - Select your cloud provider (AWS, Azure, or GCP) + - During [connector setup](/docs/cloud-cost-management/get-started/#aws), ensure you select **"Cloud Governance"** under **"Choose Requirements"**. + +- **Verify Required Permissions** + - Ensure your connector has [all required permissions for each cloud provider](/docs/cloud-cost-management/feature-permissions): + - For AWS: Verify IAM roles include necessary read permissions for resource discovery + - For Azure: Confirm service principal has appropriate Reader roles + - For GCP: Check service account permissions for resource monitoring + +After connector configuration, CCM takes up to 24 hours to collect data and identify resources. + +------ + +### Key Concepts + +Cloud Asset Governance operates through four essential concepts working together: **Rules, Rule Sets, Enforcements, Evaluations**. + + + + +:::info +Governance Rules are different from Perspective and Cost Category Rules. +::: + + + + + +**Rules** are set of instructions you write in form of **code** to manage your cloud resources **automatically**. A **Rule** is essentially a file with a set of logic that you can run on your cloud infrastructure. + +**Example:** Suppose you want all your EBS volumes to use the newer, cheaper **gp3** type instead of gp2. +- **Without rules**: you'd have to manually check every volume and upgrade it. +- **With a rule**: the system **finds all gp2 volumes** and **migrates them to gp3** for you. + +**What makes up a Rule:** Ideally, rules contain **policies** which include **resource**, **filters**, and **actions**. A rule is written in **YAML format**. 
Rules can include **multiple policies**. + + + +- A **policy** is the overall instruction and consists of filters and actions that are applied to a specific type of cloud resource. + +- A **resource** is the type of cloud resource or service on which the rule will be run with the actions and filters, such as Azure VMs, AKS, Cosmos DB, etc. + +- A **filter**, as the name suggests, is a criteria used to narrow down the results based on the attributes. These attributes can include anything such as tags, metadata, or any other resource property provided by you. When the filter is applied, only those resources that match the criteria specified in the filter are given as a result. + +- **Actions** are operations performed on the filtered resources. Actions include things like terminating an azure vm, deleting an azure storage-container, or sending an email notification. + + + + +So essentially, **a Rule is a file that includes logic defined by a policy that performs certain actions on the resource based on the filters provided by the user**. + +:::info +We now have Terraform support for managing Governance Rules. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule) for more details. +::: + + + +#### Create a new Rule + +- In **Harness**, go to **Cloud Costs** > **Asset Governance** > **Rules**. Select **+ New Rule**. + + + +- Enter a name for the rule, select the cloud provider. Also, enter Savings prediction in percentage (optional). This custom percentage will be honored during savings computation. Savings prediction is used to calculate the savings that can be achieved by enforcing the rule. +- Optionally, enter a description of the rule. Select **Apply**. +- Enter the YAML policy in the rule editor. Select **Save**. If the policy is invalid, an error message is displayed. +- Select the **Account/Project/Subscription** and the **Region** from the dropdown list in the Test Terminal. 
Select **Dry Run** to view the instances or services that will be acted upon when you enforce the rule. +- After evaluating the output, select **Run Once** to execute the rule. + + + + +#### Update/Delete a Rule + +- You can view the Rules on the Asset Governance Rules page. You can click on Edit button from the vertical ellipsis menu (⋮) to edit a Rule or simply click on the Rule to open Rule editor and then make changes. + +- To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). + + + +#### Testing Terminal + +In the rule editor, a test terminal is present for users to see the output in the terminal itself upon evaluating a Rule. This is done to ensure that users can run the rules and try accordingly to check how the output would look on the selected subscription and region. There are two options: first, to select the target subscription and second, to select the regions. After providing the relevant inputs, the users can select either to dry run the rule first, run it once or enforce the rule. + + + +After this, the resources identified are shown on the output terminal in JSON format. With this output, users can perform different actions like searching, downloading, filtering, sorting and picking. + + + +#### Searching in Output Terminal +After the output is rendered, users can search for any keywords in the output terminal. This streamlines troubleshooting and debugging processes and helps to efficiently locate required information amidst large volumes of output data. + +#### Zip Downloads +The JSON output can be downloaded in either JSON format or a CSV format(original or flatted) into a single zip archive. + +#### JSON Filtering +The output can be filtered based on the keys present in the JSON output. Currently, filtering on the basis of `==`, `!=`, `<`, `<=`, `>`, `>=` is supported in terms of numeric key values and if the key's value is a string, string matching using `LIKE` is supported. 
This feature enables users to extract specific fields, filter out irrelevant data, and perform relevant queries on JSON datasets. + +#### Sorting +The output can be sorted based on the keys present in the JSON output in either an `ASCENDING` or `DESCENDING` manner. + +#### Pick +If output needs to be streamlined and only a few keys-value pairs are required, 'Pick' functionality can be used. Using this, users can pick only the required keys and see the data associated with them in the output. + +:::info +If multiple Regions and/or multiple Subscriptions are selected, the Output Terminal will render the links to the Evaluations page for all the individual evaluations per Subscription-Region pair. From that page, upon clicking on individual evaluations, detailed output and logs can be seen. +::: + + + + + + + + +As mentioned previously, a Rule can have multiple policies. However, when there are multiple rules with multiple policies, it can become hard to manage them all together. This is where **Rule Sets** can be used. Rule sets serve as logical bindings on top of individual rules that help you organize and manage rules. By organizing rules into sets, organizations improve accessibility and simplify maintenance, as enforcements can be made against the entire rule set rather than individual rules. + + + + + + +#### Create a new Rule Set + +To create a Rule Set, perform the following steps: + +- In **Harness**, go to **Cloud Costs** > **Asset Governance** > **Rules** > **Create a new Rule Set** +- Enter a name for the rule set. Optionally, enter a description of the rule set. +- Select the cloud provider and click on Next. +- Select the rules that you want to add to the rule set. Select **Create Rule Set**. + +The rule set is created successfully. + + + + + + +- You can view the rule set on the **Asset Governance Rules** page. Expand the rule set to view the individual rules in the rule set. 
+- Select **Enforce Rule Set** in the Enforcements column to enforce this rule set. + +#### Update/Delete Rule Set + +- You can view the Rule Set on the Asset Governance Rules page. Expand the rule set to view the individual rules in the rule set. You can click on Edit button from the vertical ellipsis menu (⋮) to edit the rule set. + +- To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). + + + + :::info +We now have Terraform support for managing Governance RuleSets. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_set) for more details. +::: + + + + + + + + + +:::info +- Each enforcement can now have up to **10,000 evaluations**. The cap is calculated as `Rules × Accounts × Regions` and replaces the earlier individual limits on rules, rule sets, accounts, or regions. + +- We now have Terraform support for managing Governance Enforcements. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_enforcement) for more details. +::: + +**Enforcements** enable you to enforce a certain set of **Rules** or **Rule Sets** (also known as governance guardrails) against a specific set of **targets** (accounts, projects, or subscriptions) to run **periodically**. Sometimes, we need rules to run periodically, such as every day, week, or month. However, running these rules manually every day or week at a specified time creates extra overhead and is a slow process prone to manual errors. + +>> To solve this, **Enforcements** allow users to set up a timely **schedule** and choose the **day**, **time**, and **frequency** for their rules or rule sets. + +For example: +A user can create an **Enforcement** to schedule the deletion of all unattached disks. This Enforcement will run on the **days specified by the user**, at the **specified time**, and with the **specified frequency (hourly, daily, monthly)**. 
For instance, you could set it to run **daily** at 2:00 AM to ensure that any unattached disks meeting the criteria are removed. Alternatively, you might choose to run it **hourly** during peak usage times, or **monthly** for less critical cleanup tasks. + + + + +#### FinOps Agent Suggested Enforcements + + + +Harness CCM's intelligent **FinOps Agent** analyzes your cloud environment to automatically identify cost-saving opportunities and suggest appropriate governance enforcements. Each suggested enforcement is created as a **draft** that you can review before implementation. + +To implement a suggested enforcement, simply review and accept it. The system will then automatically create and schedule the enforcement to run against the specified accounts. All evaluations from these accepted suggestions appear on the Evaluations page alongside your manually created enforcements, providing a unified view of all governance activities. + + + + + + +#### Create a new Enforcement +To create an Enforcement, perform the following steps: +In your **Harness** application, go to **Cloud Costs** > **Asset Governance** > **Enforcements** > **+ New Enforcement** + + + +- Enter a name for the Enforcement. Optionally, enter a description of the Enforcement. Select the cloud provider. + + + + + +- Select the rules or rule sets that you want to enforce. By enforcing a rule or rule set, you are ensuring that the policies defined in the rule or rule set are applied to the target accounts/project/subscription and regions. + + + +- Select the target accounts/project/subscription and target regions that you will be running the Enforcements on. +- Set the frequency from **Hourly**, **Daily**, or **Weekly** options. In case you select Daily or Weekly, specify the day, time, and time zone to run the rule on schedule. +- Toggle the **Dry Run** mode if you do not want to take action immediately. +- Select **Finish**. 
+ + + + + +After setting up the schedule, you can view the Enforcement on the **Enforcements** page. + + + +Furthermore, you can disable the Enforcement at any time using the toggle button in the **Status** column. If you want to turn off the dry-run mode, select **Edit** from the vertical ellipsis menu (⋮) then go to "Target And Schedule", use slider to turn off "Enforce Rule(s) in Dry Run mode" and click on Finish. + +#### Update/Delete an Enforcement + +- You can view any Enforcements on Rule Enforcements page. Click on the enforcement to view details such as the rules, target accounts, and regions included in the enforcement. For updating, you can use the "Edit" button from the vertical ellipsis menu (⋮) to update the enforcements as per your convenience. + +- To delete an enforcement, simply click on “Delete” from the vertical ellipsis menu (⋮). + + + + + + + +Evaluations include all the data about enforcements run (both RUN ONCE from rule editor and from Enforcement). The Evaluations window also shows you the total cost impact with each Enforcement i.e. the costs or spendings associated with each Evaluation along with the last time that Rule/Rule set was enforced. With Evaluations, you can view and audit all the Enforcements that ran in the past. + +Harness CCM also supports multiple statuses for evaluations. Currently CCM supports three statuses for an evaluation: + +- Success: If the evaluation is completed without any errors, the status of the evaluation is shown as "Successful". +- Failure: If the evaluation is not completed and has errors, the status of the evaluation is shown as "Failure". +- Partial Success: If the evaluation is successful without any Harness errors but Cloud Custodian has additional logs and/or in case of multi-policy evaluations, if the evaluation was successful only for a subset of resources, the status is shown as "Partial Success". + + + +#### View Evaluations + +1. In your **Harness** application, go to **Cloud Costs**. +2. 
Select **Asset Governance**. +3. Select **Evaluations**. +4. You can see all the Evaluations of Rules listed on the window. +4. Select the rule for which you want to view the Evaluation details. The target subscription, region, identified resources and evaluation logs are displayed. + +In the output window, users can see the resources identified in form of a Table or JSON. The table view supports all the filters and flattening of the table is supported as well. That essentially means, nested propoerties are flattened. By default, nested objects and arrays are collapsed and can be expanded upto two levels. Further nested properties are shown as formatted JSON. + + + +#### Filters in Evaluations List Page + +You can create filters to view selected rules: + +1. Select the filter icon. +2. Enter a name. +3. Select who can edit and view the filter. +4. Select one or more of the following criteria to filter the results: + * Rules + * Rule Sets + * Enforcements + * Minimum Cost Impact ($) + * Cloud Provider + * Azure Filters + - Azure Subscription + - Target Regions + +5. Select **Apply**. + + + +:::important note +Number of evaluations for which we can compute cost impact is 1,50,000/ Day. +::: + +### Bulk Export Evaluations + +Use **Bulk Export** to download up to 100 evaluation results (AWS, GCP, or Azure) in a single ZIP file. Export is available when all selected evaluations are in a terminal state (Succeeded or Failed). + +**How to export** +1. Click **Export**. +2. Choose the artefacts to include: + - `metadata.json`: summary of each evaluation + - `resources.json`: resources identified + - `custodian-run.log`: execution log + - `actioned-resources.json`: resources acted on +3. Click **Generate Report**. + +The ZIP file is organised by evaluation ID (or by policy sub-folders for multi-policy runs) so you can quickly locate results. You can also export from the **Test Terminal** when evaluating multiple targets. + + + + + + +--------- 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/_category_.json
new file mode 100644
index 00000000000..9864f6cc501
--- /dev/null
+++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/_category_.json
@@ -0,0 +1 @@
+{"label": "Asset governance", "collapsible": "true", "collapsed": "true", "className": "red", "link": {"type": "generated-index", "title": "Asset governance"}, "customProps": {"position": "20", "helpdocs_category_id": "iul2qmg1yk"}}
\ No newline at end of file
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/overview.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/overview.md
new file mode 100644
index 00000000000..e6fe243d726
--- /dev/null
+++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/overview.md
@@ -0,0 +1,108 @@ +--- +title: Overview +description: This topic talks about Harness cloud asset governance. +sidebar_position: 1 +--- +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +**Cloud Asset Governance** is a comprehensive **governance-as-code** solution that helps organizations **automatically manage** their cloud resources according to **cost, security, and compliance standards**. It implements **rules written as code** to enforce policies consistently across your cloud infrastructure, rather than relying on manual checks or approvals. + +Asset Governance: + +- Establishes the rules and policies that control how cloud resources are used, ensuring your environment remains secure against threats, cost-effective for your business and compliant with industry regulations. + +- Treats **governance policies as code (GAC)**, allowing you to Write policies in languages like YAML, Apply them automatically across your infrastructure, Enforce them consistently at scale. + +- Enables you to Automatically manage cloud resources, Enforce standards, Replace manual checks with code-based policies, Apply consistent rules throughout your cloud infrastructure + +
+

Cloud Custodian Integration

+Cloud Asset Governance is built on top of the popular open source software [Cloud Custodian](https://cloudcustodian.io) and covers all the cloud resources for [AWS](https://cloudcustodian.io/docs/aws/resources/index.html), [GCP](https://cloudcustodian.io/docs/gcp/resources/index.html) and [Azure](https://cloudcustodian.io/docs/azure/resources/index.html). The cloud-custodian versions utilised currently are as following: +- c7n==0.9.44 +- c7n_azure==0.7.43 +- c7n_gcp==0.4.43 + +See how [Harness CCM compares to Cloud Custodian](https://www.harness.io/blog/harness-cloud-asset-governance-cloud-custodian-beyond). +
+ +-------- + +## Asset Governance Overview Page + +Here is an in-depth explanation of the Overview page and the information it displays for the users: + + + + + +- **Total Evaluations**: The total number of evaluations performed to date. +- **Total Enforcements**: The total number of active enforcements created to date. +- **Total Savings**: The total cost savings achieved from day one to date. +- **Savings in Timeframe**: The total cost savings achieved in the timeframe selected. +- **FinOps Agent Suggested Actions**: The number of suggested actions by our intelligent FinOps Agent. +- **Evaluations in Timeframe**: Harness supports multiple statuses for Evaluations. The overview page now displays a detailed breakdown of evaluation counts by status. - Total Evaluations: The total number of evaluations in the timeframe selected. - Success Evaluations: Total number of evaluations with status as "Successful". - Failure Evaluations: Total number of evaluations with status as "Failure". - Partial Success Evaluations: Total number of evaluations with status as "Partial Success". +- **Savings Breakdown**: A granular graph that shows savings breakdown across different cloud providers and resources. You can see savings broken down by: +- **Cloud Provider**: This shows total cost savings for each cloud provider. +- **Evaluations Trend** - This graph shows evaluations performed per day in the selected timeframe. If timeframe is selected for more than 2 months, the evaluations are shown per month in the selected timeframe. Also, evaluations along with their status i.e. "Success", "Partial Success" and "Failed" are shown. +- **Rules Generating Recommendations**: This section displays all governance rules that are configured to generate actionable cost optimization recommendations. For each rule, you can specify targeted application (all cloud accounts or specific accounts only), set recommendation priority levels, and define potential savings thresholds. 
+ + +- **Alerts** : Alerts allow you to receive notifications when certain conditions are met during governance evaluations. These conditions can be fine-tuned based on cloud providers, resource types, account/subscription/project , cost impact, and resource count. +You can create alerts by defining the following parameters: + - **Cloud Provider** : Choose the cloud platform(s) where the policy evaluation should trigger an alert: **AWS**, **GCP**, or **Azure**. + - **Resource Type** : Select the type of resources to monitor. These are defined based on [Cloud Custodian](https://cloudcustodian.io/) resource types. + - **Accounts / Subscriptions / Projects** : Specify the scope of the alert: **AWS accounts**, **Azure subscriptions**, or **GCP projects**. + - **Minimum Resource Count** : Set the threshold for the number of resources. + - **Minimum Cost Impact** : Set minimum cost impact associated with an evaluation. + - **Specify Alert Channels**: Enter one or more email addresses to receive alert notifications. + - **Attach Evaluation Output**: Enable this to **attach a `.json` file** containing the full evaluation output in the email. Useful for automated analysis or deep dives. + +:::note +- **Granular RBAC for Governance Alerts**: You can assign granular permissions for Governance Alerts to specific resource groups and roles, enabling more precise access control. + + **For Resource Groups:** + 1. Navigate to **Account Settings** > **Access Control** > **Resource Groups** + 2. Select an existing Resource Group or create a new one + 3. Enable the **Cloud Asset Governance Alerts** permission + 4. Choose between **All** alerts or **Specified** alerts for more granular control + + + + **For Roles:** + 1. Navigate to **Account Settings** > **Access Control** > **Roles** + 2. Select an existing Role or create a new one + 3. Enable the **Cloud Asset Governance Alerts** permission + 4. 
Assign specific permissions such as **View** or **Edit/Delete** + + +::: + + + + + + +- **Recommendations** - Governance Overview displays a list of all recommendations that can help optimize the cloud assets and minimize cloud costs. Governance Overview highlights the total potential savings that can be achieved if all recommendations are applied. + Additional to this, for each recommendation, Harness shows more details like: + - **Potential Monthly Savings**: Monthly cost savings that can be realized if the recommendations are applied. + - **Potential Monthly Spend**: Potential Monthly Spend is the monthly spend for all the resources that surfaced out as part of recommendations. Why potential? Because the resource might be newly added and Harness looks at the last 30 days of cost data which might not be present for all the days for newly created resources. + - **Resource Count**: Number of resources to which the recommendation will be applied. + - **Ignored list tag** if the recommendation is added to the "Ignored list". - Option to **view details** about the recommendation like which Account (in case of Azure, AWS)/ Project (in case of GCP), resource (AWS, Azure) the recommendation was applied to, the enforcements, etc. + - **Custom Recommendations**: All Custom Recommendations show up with a "Custom" badge after successful creation. + + :::important note + - In case of AWS and Azure, Account/ Subscription and region combination with greater than 300$ of monthly spend are considered for recommendations. + - In case of GCP, Project with greater than 300$ of monthly spend is considered for recommendations. + ::: + +To apply a recommendation, select the row. The recommendation opens on the **Recommendations** page. To learn how to enforce this recommendation, go to Governance recommendations. 
+ +You can see a list of all recommendations offered by Harness for each Cloud provider here: + +- [Asset Governance recommendations for AWS](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/aws/AWS-recommendations) +- [Asset Governance recommendations for Azure](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/azure/azure-recommendations) +- [Asset Governance recommendations for GCP](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations) + + + diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/recommendations.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/recommendations.md new file mode 100644 index 00000000000..528f104b0be --- /dev/null +++ b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/recommendations.md 
@@ -0,0 +1,1547 @@ +--- +title: Governance Recommendations +description: This topic describes how to optimize cloud costs using asset governance. +# sidebar_position: 2 +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Recommendations help kickstart your journey with governance. Essentially, Harness run certain policies behind the scenes to generate recommendations for your governance-enabled AWS accounts. These policies not only help to cut costs but also increase the efficiency of your system. On the Governance Overview page, Harness showcases recommendations that will benefit you to save costs on associated resources. You can click on any recommendation to view its details. + + +## Recommendations By Harness + +Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, project-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale. + + + + +
+Recommendation: delete-unattached-aws-ebs + +**Description:** Delete all ebs volumes which are unattached + +**Policy Used:** +```yaml +policies: + - name: delete-unattached-aws-ebs + resource: ebs + filters: + - Attachments: [] + - State: available + actions: + - delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```ec2:DetachVolume``` + - ``` ec2:DescribeVolumes``` +- **Run Once:** + - ```ec2:DetachVolume``` + - ```ec2:DeleteVolume``` + - ```ec2:DescribeVolumes``` + +--- +
+ +
+Recommendation: list-low-request-count-aws-elb + +**Description:** List ELBs with low request count + +**Policy Used:** +```yaml +policies: + - name: list-low-request-count-aws-elb + resource: elb + description: List ELBs with low request count + filters: + - type: metrics + name: RequestCount + statistics: Sum + days: 7 + value: 7 + missing-value: 0 + op: less-than +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```cloudwatch:GetMetricData``` + - ```elasticloadbalancing:DescribeLoadBalancers``` + +- **Run Once:** + - ```cloudwatch:GetMetricData``` + - ```elasticloadbalancing:DescribeLoadBalancers``` + +--- +
+
+Recommendation: migrate-gp2-to-gp3-aws-ebs + +**Description:** Migrate gp2 volumes to gp3 + +**Policy Used:** +```yaml +policies: + - name: migrate-gp2-to-gp3-aws-ebs + resource: ebs + filters: + - VolumeType: gp2 + - modifyable + actions: + - type: modify + volume-type: gp3 +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. Then, 20% of that sum is taken as the savings. + +Ref: https://aws.amazon.com/blogs/storage/migrate-your-amazon-ebs-volumes-from-gp2-to-gp3-and-save-up-to-20-on-costs/ + + +**Permissions Required:** +- **Dry Run:** + - ```ec2:DescribeVolumeAttribute``` + - ```ec2:DescribeVolumesModifications``` +- **Run Once:** + - ```ec2:DescribeVolumeAttribute``` + - ```ec2:ModifyVolumeAttribute``` + - ```ec2:DescribeVolumesModifications``` + +--- +
+
+Recommendation: delete-volume-absent-aws-ebs-snapshot + +**Description:** Delete snapshots with no volumes + +**Policy Used:** +```yaml +policies: + - name: delete-volume-absent-aws-ebs-snapshot + description: Find any snapshots that do not have a corresponding volume. + resource: aws.ebs-snapshot + filters: + - type: volume + key: VolumeId + value: absent + actions: + - delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```ec2:DescribeVolumes``` +- **Run Once:** + - ```ec2:DescribeVolumes``` + - ```ec2:DeleteSnapshot``` + +--- +
+
+Recommendation: stop-unused-aws-rds + +**Description:** Stop unused RDS database + +**Policy Used:** +```yaml + policies: + - name: stop-unused-aws-rds + resource: rds + description: Stop unused RDS database + filters: + - type: value + key: DBInstanceStatus + value: available + - type: metrics + name: DatabaseConnections + statistics: Sum + days: 7 + value: 0 + op: equal + actions: + - stop +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```rds:DescribeDBInstances``` +- **Run Once:** + - ```rds:DescribeDBInstances``` + - ```rds:StopDBInstance``` + +--- +
+
+Recommendation: delete-unused-aws-elb + +**Description:** Delete unused ELB + +**Policy Used:** +```yaml +policies: + - name: delete-unused-aws-elb + resource: elb + filters: + - Instances: [] + actions: + - delete +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```elasticloadbalancing:DescribeLoadBalancers``` +- **Run Once:** + - ```elasticloadbalancing:DescribeLoadBalancers``` + - ```elasticloadbalancing:DeleteLoadBalancer``` + +--- +
+
+Recommendation: release-unattached-aws-elastic-ip + +**Description:** Release unattached Elastic IPs + +**Policy Used:** +```yaml +policies: + - name: release-unattached-aws-elastic-ip + resource: aws.elastic-ip + filters: + - AssociationId: absent + actions: + - release +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```ec2:DescribeAddresses``` +- **Run Once:** + - ```ec2:DescribeAddresses``` + - ```ec2:ReleaseAddress``` + +--- +
+
+Recommendation: delete-underutilized-aws-cache-cluster + +**Description:** Delete underutilized cache cluster with CPU utilization less than 5% in the last 7 days. + +**Policy Used:** + +```yaml +policies: + - name: delete-underutilized-aws-cache-cluster + resource: cache-cluster + description: | + Delete underutilised cache cluster with CPU utilisation less than 5% in last 7 days + filters: + - type: metrics + name: CPUUtilization + days: 7 + period: 86400 + value: 5 + op: less-than + actions: + - type: delete + skip-snapshot: false +``` + +**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. + +**Permissions Required:** +- **Dry Run:** + - ```elasticache:DescribeCacheClusters``` +- **Run Once:** + - ```elasticache:DescribeCacheClusters``` + - ```elasticache:DeleteCacheCluster``` + - ```elasticache:DeleteReplicationGroup``` + +
+
+Recommendation: configure-lifecycle-aws-s3
+
+**Description:** Configure lifecycle for S3 buckets wherever it is absent which would help to reduce storage spend
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: configure-lifecycle-aws-s3
+ resource: aws.s3
+ description: |
+ Configure lifecycle for s3 buckets wherever it is absent which would help to reduce storage spend
+ filters:
+ - type : value
+ key : Lifecycle
+ value : absent
+ actions:
+ - type: configure-lifecycle
+ rules:
+ - ID: harness-default-lifecycle
+ Status: Enabled
+ Filter:
+ Prefix: ''
+ Expiration:
+ ExpiredObjectDeleteMarker: True
+ AbortIncompleteMultipartUpload:
+ DaysAfterInitiation: 7
+ NoncurrentVersionExpiration:
+ NoncurrentDays: 30
+ NewerNoncurrentVersions: 6
+```
+
+
+**Savings Computed**:
+To estimate the percentage cost savings from the given S3 lifecycle policies, we need to look at the specific actions and apply some reasonable assumptions. Here's a step-by-step approach:
+
+1. Abort Incomplete Multipart Uploads after 7 days:
+- Assumption: 5% of all uploads are incomplete and are not cleaned up without this policy.
+- Cost Impact: Each incomplete multipart upload that is aborted saves the storage cost of the data uploaded so far.
+
+2. Expire Noncurrent Versions after 30 days (keeping 6 versions):
+- Assumption: Each object has, on average, 10 noncurrent versions stored. Expiring noncurrent versions after 30 days, keeping only the latest 6, will delete 4 out of every 10 noncurrent versions.
+- Cost Impact: Deleting 40% of noncurrent versions reduces the total storage used by these versions.
+
+**Example Calculation**
+
+Let's assume the following for a single S3 bucket:
+
+**Total Storage Used**: 1 TB (1,024 GB) in the S3 Standard storage class.
+
+**Storage Distribution:**
+- Current versions: 50% (512 GB)
+- Noncurrent versions: 40% (410 GB)
+- Incomplete multipart uploads: 10% (102 GB)
+
+**Calculations:**
+
+
+
+**Total Savings**
+
+
+References:
+- [AWS S3 Lifecycle Policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+- [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/)
+- [Managing S3 Costs](https://aws.amazon.com/blogs/storage/optimizing-costs-with-amazon-s3-lifecycle-configurations/)
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```s3:GetLifecycleConfiguration```
+- **Run Once:**
+ - ```s3:GetLifecycleConfiguration```
+ - ```s3:PutLifecycleConfiguration```
+
+
+
+Recommendation: set-intelligent-tiering-aws-s3
+
+**Description:** Configure intelligent tiering for S3 buckets wherever it is disabled which would help to reduce storage spend.
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: set-intelligent-tiering-aws-s3
+ resource: aws.s3
+ description: |
+ Configure intelligent tiering for s3 buckets wherever it is disabled which would help to reduce storage spend.
+ filters:
+ - not:
+ - type: intelligent-tiering
+ attrs:
+ - Status: Enabled
+ actions:
+ - type: set-intelligent-tiering
+ Id: harness-default
+ IntelligentTieringConfiguration:
+ Id: harness-default
+ Status: Enabled
+ Tierings:
+ - Days: 90
+ AccessTier: ARCHIVE_ACCESS
+ - Days: 180
+ AccessTier: DEEP_ARCHIVE_ACCESS
+```
+
+**Savings Computed:**
+- **Frequent Access Tier:** This tier is equivalent in cost to the standard S3 storage, so no savings here.
+- **Infrequent Access Tier:** Data not accessed for 30 days moves here, saving approximately 45% compared to standard S3 storage​.
+- **Archive Instant Access Tier:** Data not accessed for 90 days moves here, with savings of up to 68% compared to standard storage​.
+- **Archive Access Tier:** If configured, data not accessed for 90 days can move here, offering around 71% savings​.
+- **Deep Archive Access Tier:** Data not accessed for 180 days can be moved to this tier, providing up to 95% savings.
+
+**Example Calculation**
+
+Assume you have 1 TB of data stored in S3 standard storage:
+
+
+
+**Example Scenario**
+
+If 20% of your data transitions to the Infrequent Access tier after 30 days, 20% moves to Archive Access after 90 days, and 10% moves to Deep Archive Access after 180 days, your costs might look like this:
+
+
+
+ This results in a cost savings of approximately 32.76% compared to keeping all data in standard S3 storage ($23.00 per month vs. $15.463 per month).
+
+ References:
+ - [AWS intelligent tiering](https://aws.amazon.com/s3/storage-classes/intelligent-tiering/)
+ - [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/)
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```s3:GetBucketIntelligentTieringConfiguration```
+- **Run Once:**
+ - ```s3:GetBucketIntelligentTieringConfiguration```
+ - ```s3:PutIntelligentTieringConfiguration```
+
+
+
+Recommendation: delete-underutilized-aws-redshift
+
+**Description:** Delete any Amazon Redshift cluster where CPU Utilization has been less than 5% for the last 7 days
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-underutilized-aws-redshift
+ resource: redshift
+ description: |
+ Delete redshift cluster where CPU Utilization is less than 5% for last 7 days
+ filters:
+ - type: metrics
+ name: CPUUtilization
+ days: 7
+ period: 86400
+ value: 5
+ op: less-than
+ actions:
+ - delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```redshift:DescribeClusters```
+- **Run Once:**
+ - ```redshift:DescribeClusters```
+ - ```redshift:DeleteCluster```
+
+
+
+Recommendation: delete-old-manual-aws-redshift-snapshot
+
+**Description:** Delete all redshift snapshots older than 35 days with a lifetime retention period
+
+**Policy Used:**
+
+```yaml
+
+policies:
+ - name: delete-old-manual-aws-redshift-snapshot
+ resource: redshift-snapshot
+ description: |
+ Delete all redshift snapshot older than 35 days with lifetime retention period
+ filters:
+ - "ManualSnapshotRetentionPeriod": -1
+ - type: age
+ days: 35
+ op: gt
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- **Dry Run:**
+ - ```redshift:DescribeClusterSnapshots```
+- **Run Once:**
+ - ```redshift:DeleteClusterSnapshot```
+ - ```redshift:DescribeClusterSnapshots```
+
+
+
+Recommendation: delete-empty-aws-dynamodb-table
+
+**Description:** Delete DyanmoDB tables which are empty
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-empty-aws-dynamodb-table
+ resource: dynamodb-table
+ description: |
+ Delete DyanmoDB tables which are empty
+ filters:
+ - TableSizeBytes: 0
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-stale-aws-log-group
+
+**Description:** Delete stale cloud watch log groups
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-stale-aws-log-group
+ resource: log-group
+ description: |
+ Delete stale cloud watch log groups
+ filters:
+ - type: last-write
+ days: 60
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-stale-aws-rds-snapshot
+
+**Description:** Delete all stale(older than 28 days) RDS snapshots
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-stale-aws-rds-snapshot
+ resource: rds-snapshot
+ description: |
+ Delete all stale(older than 28 days) RDS snapshots
+ filters:
+ - type: age
+ days: 28
+ op: ge
+ actions:
+ - delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unencrypted-aws-firehose
+
+**Description:** Delete Firehose which are not encrypted
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unencrypted-aws-firehose
+ resource: firehose
+ description: |
+ Delete Firehose which are not encrypted
+ filters:
+ - KmsMasterKeyId: absent
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unencrypted-aws-sqs
+
+**Description:** Delete SQS which are not encrypted
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unencrypted-aws-sqs
+ resource: sqs
+ description: |
+ Delete SQS which are not encrypted
+ filters:
+ - KmsMasterKeyId: absent
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+
+
+Recommendation: delete-unused-aws-nat-gateway
+
+**Description:** Delete unused NAT Gateways based on no associated traffic in past 7 days.
+
+**Policy Used:**
+
+```yaml
+policies:
+ - name: delete-unused-aws-nat-gateway
+ resource: nat-gateway
+ description: |
+ Delete unused NAT Gateways based on no associated traffic in past 7 days.
+ filters:
+ - type: metrics
+ name: BytesOutToDestination
+ statistics: Sum
+ period: 86400
+ days: 7
+ value: 0
+ op: eq
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+ +
+ + + +
+Recommendation: delete-idle-gcp-image
+
+**Description:** Delete GCP recommended idle images
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-idle-gcp-image
+ description: |
+ Delete GCP images which are not used to create a disk for at least 15 days and not used in any instance template.
+ These idle images are fetched from GCP recommender.
+ resource: gcp.image
+ filters:
+ - type: recommend
+ id: google.compute.image.IdleResourceRecommender
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run: `recommender.computeImageIdleResourceRecommendations.list`
+- Run Once:
+ - `recommender.computeImageIdleResourceRecommendations.list`
+ - `compute.images.delete`
+
+---
+
+
+Recommendation: delete-never-attached-gcp-disk
+
+**Description:** Delete GCP recommended idle persistent disks which were never attached to a VM and is blank
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-never-attached-gcp-disk
+ description: |
+ Delete GCP disks which are created at least 15 days ago and never attached to a VM and is blank.
+ These idle disks are fetched from GCP recommender.
+ resource: gcp.disk
+ filters:
+ - type: recommend
+ id: google.compute.disk.IdleResourceRecommender
+ - type: value
+ key: lastAttachTimestamp
+ value:
+ op: eq
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run: `recommender.computeDiskIdleResourceRecommendations.list`
+- Run Once:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+ - `compute.disks.delete`
+
+---
+
+
+Recommendation: stop-forever-running-gcp-instance
+
+**Description:** Stop the gcp instances that have an uptime greater than 30 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-forever-running-gcp-instance
+ description: |
+ Stop the gcp instances that have an uptime greater than 30 days.
+ resource: gcp.instance
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/uptime_total
+ aligner: ALIGN_NONE
+ value: 2592000
+ op: greater-than
+ - type: value
+ key: status
+ value: "RUNNING"
+ op: eq
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+ - `compute.instances.stop`
+
+---
+
+
+Recommendation: delete-old-gcp-snapshot
+
+**Description:** Delete gcp snapshots older than 14 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-old-gcp-snapshot
+ resource: gcp.snapshot
+ description: |
+ Delete gcp snapshots older than 14 days.
+ filters:
+ - type: value
+ key: creationTimestamp
+ op: greater-than
+ value_type: age
+ value: 14
+ actions:
+ type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.snapshots.list`
+
+- Run Once:
+ - `compute.snapshots.list`
+ - `compute.snapshots.delete`
+
+---
+
+
+Recommendation: stop-underutilized-gcp-instance
+
+**Description:** Stop underutilised instances with average CPU utilisation less than 5% in last 3 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-underutilized-gcp-instance
+ resource: gcp.instance
+ description: Stop underutilised instances with average CPU utilisation less than 5% in last 3 days
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/cpu/utilization
+ aligner: ALIGN_MEAN
+ days: 3
+ value: 5
+ op: less-than
+ - type: value
+ key: status
+ value: "RUNNING"
+ op: eq
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `compute.instances.list`
+ - `monitoring.timeSeries.list`
+ - `compute.instances.stop`
+
+---
+
+
+
+Recommendation: stop-underutilized-gcp-sql-instance
+
+**Description:** Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-underutilized-gcp-sql-instance
+ resource: gcp.sql-instance
+ description: |
+ Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days
+ filters:
+ - type: metrics
+ name: cloudsql.googleapis.com/database/cpu/utilization
+ aligner: ALIGN_MEAN
+ days: 3
+ value: 5
+ op: less-than
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `cloudsql.instances.list`
+ - `monitoring.timeSeries.list`
+
+- Run Once:
+ - `cloudsql.instances.list`
+ - `monitoring.timeSeries.list`
+ - `cloudsql.instances.update`
+
+---
+
+
+Recommendation: snapshot-and-delete-unattached-gcp-disk
+
+**Description:** Snapshot and delete GCP recommended idle persistent disks which are unattached
+
+**Policy Used:**
+```yaml
+policies:
+ - name: snapshot-and-delete-unattached-gcp-disk
+ description: |
+ Snapshot and delete GCP disks which are detached for at least 15 days.
+ These idle disks are fetched from GCP recommender.
+ resource: gcp.disk
+ filters:
+ - type: recommend
+ id: google.compute.disk.IdleResourceRecommender
+ - type: value
+ key: lastAttachTimestamp
+ value:
+ op: ne
+ actions:
+ - type: snapshot
+ name_format: "{disk[name]:.50}-{now:%Y-%m-%d}"
+ - type: delete
+
+```
+
+**Savings Computed:** Savings are considered as 35% of the total cost. Implementing this recommendation would result in 35% to 92% reduction in the maintenance cost of that disk. Thus, we have considered the minimum savings achievable, which is 35%. Ref: https://cloud.google.com/compute/docs/viewing-and-applying-idle-resources-recommendations
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+
+- Run Once:
+ - `recommender.computeDiskIdleResourceRecommendations.list`
+ - `compute.disks.delete`
+
+---
+
+
+Recommendation: delete-idle-gcp-gke-cluster
+
+**Description:** List GCP Idle GKE Clusters Recommendations
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-idle-gcp-gke-cluster
+ description: |
+ List GCP Idle GKE Clusters Recommendations
+ resource: gcp.gke-cluster
+ filters:
+ - type: recommend
+ id: google.container.DiagnosisRecommender
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.containerDiagnosisInsights.list`
+ - `container.clusters.list`
+
+- Run Once:
+ - `recommender.containerDiagnosisInsights.list`
+ - `container.clusters.list`
+ - `container.clusters.delete`
+
+---
+
+
+Recommendation: list-cost-recommendations-gcp-cloud-run-service
+
+**Description:**
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-cost-recommendations-gcp-cloud-run-service
+ resource: gcp.cloud-run-service
+ description: |
+ List Cloud Run CPU Allocation Recommendations
+ filters:
+ - type: recommend
+ id: google.run.service.CostRecommender
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `recommender.runServiceCostRecommendations.list`
+ - `run.services.list`
+
+- Run Once:
+ - `recommender.runServiceCostRecommendations.list`
+ - `run.services.list`
+
+---
+
+
+Recommendation: list-unused-gcp-bq-dataset
+
+**Description:** List BigQuery datasets that haven't been accessed in the last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-unused-gcp-bq-dataset
+ resource: gcp.bq-dataset
+ description: |
+ List BigQuery datasets that haven't been accessed in the last 7 days.
+ filters:
+ - type: value
+ key: lastModifiedTime
+ op: less-than
+ value_type: age
+ value: 7
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `bigquery.datasets.get`
+
+- Run Once:
+ - `bigquery.datasets.get`
+
+---
+
+
+Recommendation: delete-unused-gcp-function
+
+**Description:** Delete Cloud Functions that haven't been invoked in the last 7 days to reduce costs.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unused-gcp-function
+ resource: gcp.function
+ description: >
+ Delete Cloud Functions that haven't been invoked in the last 7 days to
+ reduce costs.
+ filters:
+ - type: metrics
+ name: cloudfunctions.googleapis.com/function/execution_count
+ metric-key: resource.labels.function_name
+ days: 7
+ value: 0
+ op: eq
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `cloudfunctions.functions.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `cloudfunctions.functions.list`
+ - `cloudfunctions.functions.delete`
+
+---
+
+
+Recommendation: list-under-utilized-gcp-bucket
+
+**Description:** List low utilized gcp buckets in last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-under-utilized-gcp-bucket
+ description: |
+ List low utilized gcp buckets in last 7 days.
+ resource: gcp.bucket
+ filters:
+ - type: metrics
+ name: storage.googleapis.com/network/sent_bytes_count
+ aligner: ALIGN_COUNT
+ days: 7
+ value: 1024
+ op: less-than
+ missing-value: 0
+ - type: metrics
+ name: storage.googleapis.com/network/received_bytes_count
+ aligner: ALIGN_COUNT
+ days: 7
+ value: 1024
+ op: less-than
+ missing-value: 0
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `storage.buckets.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `storage.buckets.list`
+
+---
+
+
+Recommendation: list-hanged-gcp-dataflow-job
+
+**Description:** List Dataflow jobs that have been in an hanged state for more than 1 day.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-hanged-gcp-dataflow-job
+ resource: gcp.dataflow-job
+ description: List Dataflow jobs that have been in an hanged state for more than 1 day.
+ filters:
+ - type: value
+ key: startTime
+ op: greater-than
+ value_type: age
+ value: 1
+ - type: value
+ key: currentState
+ value:
+ - JOB_STATE_RUNNING
+ - JOB_STATE_DRAINING
+ - JOB_STATE_CANCELLING
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `dataflow.jobs.list`
+
+- Run Once:
+ - `dataflow.jobs.list`
+
+---
+
+
+Recommendation: delete-under-utilized-gcp-loadbalancer-address
+
+**Description:** Delete all load balancers with low utilizations, where packet count is less than 1000 in the last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-under-utilized-gcp-loadbalancer-address
+ resource: gcp.loadbalancer-address
+ description: >
+ Delete all low utilized load balancers where packet count is less than
+ 1000 in last 72 hours
+ filters:
+ - type: metrics
+ name: compute.googleapis.com/instance/network/received_packets_count
+ metric-key: metric.labels.instance_name
+ aligner: ALIGN_COUNT
+ days: 3
+ value: 1000
+ op: le
+ actions:
+ - type: delete
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `compute.addresses.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `compute.addresses.list`
+ - `compute.addresses.delete`
+
+---
+
+
+Recommendation: list-under-utilized-gcp-redis
+
+**Description:** List Redis instances with less than 5% CPU utilization over the last 7 days.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: list-under-utilized-gcp-redis
+ resource: gcp.redis
+ description: List Redis instances with less than 5% CPU utilization in last 7 days
+ filters:
+ - type: metrics
+ name: redis.googleapis.com/stats/cpu_utilization
+ metric-key: resource.labels.instance_id
+ days: 7
+ value: 0.05
+ op: lte
+
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days.
+
+**Permissions Required:**
+- Dry Run:
+ - `monitoring.timeSeries.list`
+ - `redis.instances.list`
+
+- Run Once:
+ - `monitoring.timeSeries.list`
+ - `redis.instances.list`
+
+---
+
+ + +### GCP Resource Coverage (Examples) + +- Compute Engine instances +- Cloud Storage buckets +- App Engine applications +- Cloud SQL instances +- Cloud IAM policies + +For a comprehensive list of all supported GCP resources, refer to the [GCP Resource Reference — Cloud Custodian documentation](https://cloudcustodian.io/docs/gcp/resources/index.html). + +
+ + +
+Recommendation: delete-low-utilized-azure-cosmodb
+
+**Description:** Delete low utilised CosmosDB based on total requests in last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-cosmodb
+ resource: azure.cosmosdb
+ description: |
+ Delete low utilised CosmosDB based on total requests in last 72 hours
+ filters:
+ - type: metric
+ metric: TotalRequests
+ op: le
+ aggregation: total
+ threshold: 1000
+ timeframe: 72
+ actions:
+ - type: delete
+```
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-unattached-azure-disk
+**Description:** Delete all unattached disks.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unattached-azure-disk
+ resource: azure.disk
+ description: |
+ Delete all unattached disks
+ filters:
+ - type: value
+ key: properties.diskState
+ value: Unattached
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-low-utilized-azure-load-balancer
+**Description:** Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-load-balancer
+ resource: azure.loadbalancer
+ description: |
+ Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours
+ filters:
+ - type: metric
+ metric: PacketCount
+ op: le
+ aggregation: total
+ threshold: 1000
+ timeframe: 72
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-orphaned-azure-networkinterface
+**Description:** Delete network interface which are not attached to virtual machine.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-orphaned-azure-networkinterface
+ resource: azure.networkinterface
+ description: |
+ Delete network interface which are not attached to virtual machine
+ filters:
+ - type: value
+ key: properties.virtualMachine
+ value: null
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: stop-underutilized-azure-vm
+**Description:** Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: stop-underutilized-azure-vm
+ resource: azure.vm
+ description: |
+ Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours
+ filters:
+ - type: metric
+ metric: Percentage CPU
+ op: le
+ aggregation: average
+ threshold: 5
+ timeframe: 72
+ actions:
+ - type: stop
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-low-utilized-azure-keyvault
+**Description:** Delete KeyVaults with less than 10 API hits in last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-keyvault
+ resource: azure.keyvault
+ description: |
+ Delete KeyVaults with less than 10 API hits in last 72 hours
+ filters:
+ - type: metric
+ metric: ServiceApiHit
+ aggregation: total
+ op: lt
+ threshold: 10
+ timeframe: 72
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-low-utilized-azure-sqlserver
+**Description:** Delete SQL servers with less than 10% average DTU consumption over last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-sqlserver
+ resource: azure.sqlserver
+ description: |
+ Delete SQL servers with less than 10% average DTU consumption over last 72 hours
+ filters:
+ - type: metric
+ metric: dtu_consumption_percent
+ aggregation: average
+ op: lt
+ threshold: 10
+ timeframe: 72
+ filter: "DatabaseResourceId eq '*'"
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-unattached-azure-publicip
+**Description:** Delete public ip which are not attached to any network interface.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unattached-azure-publicip
+ resource: azure.publicip
+ description: |
+ Delete public ip which are not attached to any network interface
+ filters:
+ - type: value
+ key: properties.ipConfiguration
+ value: null
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-low-utilized-azure-datalake
+**Description:** Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-low-utilized-azure-datalake
+ resource: azure.datalake
+ description: |
+ Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours
+ filters:
+ - or:
+ - type: metric
+ metric: ReadRequests
+ op: le
+ aggregation: total
+ threshold: 1000
+ timeframe: 72
+ - type: metric
+ metric: WriteRequests
+ op: le
+ aggregation: total
+ threshold: 100
+ timeframe: 72
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-unused-azure-postgresql-server
+**Description:** Delete PostgreSQL Servers that have had zero active connections in the last 72 hours.
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-unused-azure-postgresql-server
+ resource: azure.postgresql-server
+ description: |
+ Delete PostgreSQL Servers that have had zero active connections in the last 72 hours
+ filters:
+ - type: metric
+ metric: active_connections
+ op: eq
+ threshold: 0
+ timeframe: 72
+ actions:
+ - type: delete
+```
+
+**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+
+Recommendation: delete-orphaned-azure-appserviceplan
+**Description:** Delete orphaned(numberOfSites=0) application service plan
+
+**Policy Used:**
+```yaml
+policies:
+ - name: delete-orphaned-azure-appserviceplan
+ resource: azure.appserviceplan
+ description: |
+ Delete orphaned(numberOfSites=0) application service plan
+ filters:
+ - type: value
+ key: properties.numberOfSites
+ op: eq
+ value: 0
+ actions:
+ - delete
+```
+
+**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings.
+
+**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations.
+
+---
+
+ +
+
+
+-----------
+
+## Rules Generating Recommendations
+
+The "Rules Generating Recommendations" tab shows all the rules you’ve turned on to generate recommendations. Every day, our system runs these rules across your main accounts and regions. The results are shown as recommendations, so you can track their full lifecycle from when they’re created to when they’re addressed.
+The tab also gives you insights into the rules you’ve enabled. You can see a breakdown by account and region, including whether the rule ran successfully, had an error, or found resources that don’t have any savings attached.
+
+### Using Rules Generating Recommendations
+
+1. Navigate to the **Rules Generating Recommendations** > **+New Rule** to begin the process
+2. Select a governance rule to generate recommendations
+3. Configure the rule's scope:
+ - **All Accounts**: Apply the rule across your entire cloud infrastructure
+ - **Specific Accounts**: Target only selected cloud accounts for evaluation
+4. Click **Generate Recommendations** to initiate the evaluation process
+
+
+
+After this, all the rules generating recommendations can be seen in the **Rules Generating Recommendations** tab alongwith last evaluation, recommendations, potential savings and success rate. If any connector and region combination encounters an issue, the system flags it with a Failed status.
+The UI displays a detailed error message to assist in resolving the issue quickly.
+
+#### Status Breakdown:
+
+1. **Failed Status :** A failed status indicates one of the following scenarios:
+
+- Missing Permissions: The necessary permissions required for Harness to get or list resources are not provided.
+- Harness Internal Error: A system-level issue occurred during processing.
+
+2. **Ignored Status :** An ignored status indicates one of the following scenarios:
+
+- No Cost Data Available: Billing connector setup at Harness is missing cost data for the target cloud account.
+- Cost Threshold Not Met: Cost is less than $300 for the GCP project. +- Invalid Region: The regions found in cost data is not valid to run against Governance Rule. + +3. **Success Status :** A successful status indicates one of the following scenarios: + +- Recommendation Generated: The system successfully evaluated the rule and created a recommendation. +- No Resources in Evaluation: The rule was evaluated, but there were no resources found. +- Savings Below Threshold: A recommendation was generated, but the potential savings were calculated to be less than $10. + +--------- + +### Granular Recommendations + +Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, project-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale. + +#### Enabling Granular Recommendations + + + +Owing to this, now, while adding a recommendation to Ignore List, users have the option to specify the scope at which the users want to ignore the recommendation. +The scope can be either at: + +- Rule-level +- Rule-level + Project-level +- Rule-level + Project-level + Resource-level. diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/Ouputscreen.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/Ouputscreen.png new file mode 100644 index 00000000000..6ea8cc27e66 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/Ouputscreen.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ag-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ag-overview.png new file mode 100644 index 00000000000..47fdda192e1 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ag-overview.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ai-validation-error-banner.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ai-validation-error-banner.png new file mode 100644 index 00000000000..1de39edb329 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ai-validation-error-banner.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aida-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aida-overview.png new file mode 100644 index 00000000000..f997b9f14fd Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aida-overview.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/anatomy-of-a-rule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/anatomy-of-a-rule.png new file mode 100644 index 00000000000..4c46215f25e Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/anatomy-of-a-rule.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-enforcement.png new file mode 100644 index 00000000000..2989aad43ee Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-enforcement.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-eval.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-eval.png new file mode 100644 index 00000000000..a979cabfd5b Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-gov-eval.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-creation.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-creation.png new file mode 100644 index 00000000000..0466401bff7 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-creation.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-enforcement.png new file mode 100644 index 00000000000..359962bc9fb Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-rule-enforcement.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-test-output-error.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-test-output-error.png new file mode 100644 index 00000000000..3e01df217a2 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-test-output-error.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-valid-eval-output.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-valid-eval-output.png new file mode 100644 index 00000000000..b93255ef21f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/asset-governance-valid-eval-output.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-alert.png new file mode 100644 index 00000000000..73ad0f947c2 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-alert.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-edit-json.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-edit-json.png new file mode 100644 index 00000000000..17e3bb7049c Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-edit-json.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-granular.png new file mode 100644 index 00000000000..d18c0cb2e77 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-granular.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-missing-permission-role.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-missing-permission-role.png new file mode 100644 index 00000000000..fb0d475e49c Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-missing-permission-role.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-select-policy.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-select-policy.png new file mode 100644 index 00000000000..25805e413d7 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/aws-select-policy.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-alert.png new file mode 100644 index 00000000000..a093b95c147 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-alert.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-granular.png new file mode 100644 index 00000000000..5070216a023 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/azure-granular.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/bulk-export.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/bulk-export.png new file mode 100644 index 00000000000..6af31506d56 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/bulk-export.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal1.png new file mode 100644 index 00000000000..28cc46e6ff4 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal1.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal2.png new file mode 100644 index 00000000000..b6d2a6e8661 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/cal2.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-another-rule.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-another-rule.gif new file mode 100644 index 00000000000..fe5dba17c40 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-another-rule.gif differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-custom.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-custom.png new file mode 100644 index 00000000000..c0a6fc6d582 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-custom.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-aws.png new file mode 100644 index 00000000000..6e92af56f3d Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-aws.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-azure.png new file mode 100644 index 00000000000..1f3bbee0a79 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-azure.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-gcp.png new file mode 100644 index 00000000000..84efd352e53 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement.png new file mode 100644 index 00000000000..d4f27779eb1 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-enforcement.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-aws.png new file mode 100644 index 00000000000..38528a9a68a Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-aws.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-gcp.png new file mode 100644 index 00000000000..3129a37add9 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set-gcp.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set.png new file mode 100644 index 00000000000..fcc4b4a68b6 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/create-new-rule-set.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-rec.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-rec.png new file mode 100644 index 00000000000..fde2aeb5307 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-rec.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-tab.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-tab.png new file mode 100644 index 00000000000..49aae6365d7 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/custom-tab.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcement-new.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcement-new.png new file mode 100644 index 00000000000..088a524e60a Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcement-new.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-aws.png new file mode 100644 index 00000000000..3dc8e7f8028 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-aws.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-azure.png new file mode 100644 index 00000000000..8df764f6747 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-azure.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-gcp.png new file mode 100644 index 00000000000..bfdfa3c2c9f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-aws.png new file mode 100644 index 00000000000..980e7c9ff49 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-aws.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-gcp.png new file mode 100644 index 00000000000..6841364c465 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list.png new file mode 100644 index 00000000000..df376f5eee6 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements-list.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements.png new file mode 100644 index 00000000000..0adf03d65cc Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/enforcements.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-aws-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-aws-one.png new file mode 100644 index 00000000000..6ae9bb09991 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-aws-one.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp-one.png new file mode 100644 index 00000000000..7a099ce1a98 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp-one.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp.png new file mode 100644 index 00000000000..237b75b8d98 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluation-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-aws.png new file mode 100644 index 00000000000..6de4985d423 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-aws.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure-table.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure-table.png new file mode 100644 index 00000000000..71ff9ba261e Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure-table.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure.png new file mode 100644 index 00000000000..cd03a2874b1 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-azure.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-aws.png new file mode 100644 index 00000000000..11fb07d4efb Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-aws.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-gcp.png new file mode 100644 index 00000000000..6e39e552c03 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page.png new file mode 100644 index 00000000000..70a27353143 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations-page.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations.png new file mode 100644 index 00000000000..2ab4adaea6a Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/evaluations.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example1.png new file mode 100644 index 00000000000..c46fe5d599f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example1.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example2.png new file mode 100644 index 00000000000..02e15a5bbe4 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/example2.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules-aws.png new file mode 100644 index 00000000000..7d07165cd22 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules-aws.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules.png new file mode 100644 index 00000000000..f328082245f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evalaution-rules.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evaluation-rules-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evaluation-rules-gcp.png new file mode 100644 index 00000000000..cc1846a21cc Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/filter-evaluation-rules-gcp.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finops-agent-suggestions.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finops-agent-suggestions.png new file mode 100644 index 00000000000..f7244bb6d12 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finops-agent-suggestions.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finopsagent.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finopsagent.png new file mode 100644 index 00000000000..86342ac0c8f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/finopsagent.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-alert.png new file mode 100644 index 00000000000..124c6819e10 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-alert.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-granular.png new file mode 100644 index 00000000000..a90f32714ab Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gcp-granular.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gen-ai-demo.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gen-ai-demo.gif new file mode 100644 index 00000000000..3f132e1bda0 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gen-ai-demo.gif differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alert.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alert.png new file mode 100644 index 00000000000..238d6d73f4f Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alert.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alerts.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alerts.png new file mode 100644 index 00000000000..0f5eea9dbb4 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-alerts.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-overview.png new file mode 100644 index 00000000000..cf9ac386a3c Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/gov-overview.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governance-rule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governance-rule.png new file mode 100644 index 00000000000..abccc3ac835 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governance-rule.png differ diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules-rbac.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules-rbac.png new file mode 100644 index 00000000000..1c9d4620350 Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules-rbac.png differ 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules.png
new file mode 100644
index 00000000000..aaf140bbff3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/governancerules.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/historical-2.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/historical-2.png
new file mode 100644
index 00000000000..00b09f9f8e3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/historical-2.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/new-feature.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/new-feature.png
new file mode 100644
index 00000000000..983623f64aa
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/new-feature.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ouputscreen.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ouputscreen.png
new file mode 100644
index 00000000000..6ea8cc27e66
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/ouputscreen.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminal.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminal.png
new file mode 100644
index 00000000000..2053b733b1d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminal.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalAWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalAWS.png
new file mode 100644
index 00000000000..9eb2d5cd706
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalAWS.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalGCP.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalGCP.png
new file mode 100644
index 00000000000..7fd6a0109de
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputTerminalGCP.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminal.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminal.png
new file mode 100644
index 00000000000..2053b733b1d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminal.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalAWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalAWS.png
new file mode 100644
index 00000000000..9eb2d5cd706
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalAWS.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalaws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalaws.png
new file mode 100644
index 00000000000..9eb2d5cd706
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalaws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalgcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalgcp.png
new file mode 100644
index 00000000000..7fd6a0109de
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/outputterminalgcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-copilot.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-copilot.png
new file mode 100644
index 00000000000..003d5c49645
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-copilot.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-one.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-one.png
new file mode 100644
index 00000000000..00b09f9f8e3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-one.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-two.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-two.png
new file mode 100644
index 00000000000..02b52a11f57
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/overview-two.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/policy-comparison.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/policy-comparison.png
new file mode 100644
index 00000000000..818c85de261
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/policy-comparison.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rbac-alerts.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rbac-alerts.png
new file mode 100644
index 00000000000..3a1a3dad092
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rbac-alerts.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rg-granular.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rg-granular.png
new file mode 100644
index 00000000000..64023ded5f8
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rg-granular.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rgr.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rgr.png
new file mode 100644
index 00000000000..0815d3e0790
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rgr.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/roles-rbac.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/roles-rbac.png
new file mode 100644
index 00000000000..eb284d3b1ba
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/roles-rbac.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-enforcements-page.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-enforcements-page.png
new file mode 100644
index 00000000000..b1464cc54de
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-enforcements-page.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-AWS.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-AWS.png
new file mode 100644
index 00000000000..7b5d4466c0f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-AWS.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-aws.png
new file mode 100644
index 00000000000..7b5d4466c0f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-gcp.png
new file mode 100644
index 00000000000..981ecfbf1a8
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example.png
new file mode 100644
index 00000000000..a319ff07b9a
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-example.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-new.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-new.png
new file mode 100644
index 00000000000..95e104afbd2
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-new.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-overview.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-overview.png
new file mode 100644
index 00000000000..da1bc8188e9
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-overview.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-aws.png
new file mode 100644
index 00000000000..fb960a1acf0
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-gcp.png
new file mode 100644
index 00000000000..5d244b2d5b7
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set.png
new file mode 100644
index 00000000000..fce2d02db3a
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-set.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-aws.png
new file mode 100644
index 00000000000..4d5e000793c
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-azure.png
new file mode 100644
index 00000000000..3e0b3fa7024
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-azure.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-gcp.png
new file mode 100644
index 00000000000..5bea32dffcd
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rule-window-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-aws-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-aws-selection.png
new file mode 100644
index 00000000000..dbdd4afea3d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-aws-selection.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-azure-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-azure-selection.png
new file mode 100644
index 00000000000..75d8f26be0d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-azure-selection.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-gcp-selection.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-gcp-selection.png
new file mode 100644
index 00000000000..5478218df76
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-gcp-selection.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-generating-rec.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-generating-rec.png
new file mode 100644
index 00000000000..060eaa542fd
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/rules-generating-rec.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/savings1.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/savings1.png
new file mode 100644
index 00000000000..b02affcd287
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/savings1.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/select-rules-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/select-rules-enforcement.png
new file mode 100644
index 00000000000..97414b4532b
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/select-rules-enforcement.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-aws.png
new file mode 100644
index 00000000000..26fd6d8c52b
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-azure.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-azure.png
new file mode 100644
index 00000000000..dafb39290f3
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-azure.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-gcp.png
new file mode 100644
index 00000000000..ab4f28ad028
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule.png
new file mode 100644
index 00000000000..b52cfebf80d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/set-up-schedule.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-aws.png
new file mode 100644
index 00000000000..ab463deae0d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-aws.png
new file mode 100644
index 00000000000..6b2ae42706a
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-gcp.png
new file mode 100644
index 00000000000..0083014131a
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement.png
new file mode 100644
index 00000000000..0e4b3fb47d8
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-enforcement.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-gcp.png
new file mode 100644
index 00000000000..264f2d2eb01
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-aws.png
new file mode 100644
index 00000000000..19ef83c2d83
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-gcp.png
new file mode 100644
index 00000000000..7b863178cc7
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset.png
new file mode 100644
index 00000000000..a80f9e2ce34
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete-ruleset.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete.png
new file mode 100644
index 00000000000..9597c45eb0e
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/update-and-delete.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-desc-ai.gif b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-desc-ai.gif
new file mode 100644
index 00000000000..60cbb8c2e9f
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-desc-ai.gif differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-aws.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-aws.png
new file mode 100644
index 00000000000..f54ba10c28d
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-aws.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-gcp.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-gcp.png
new file mode 100644
index 00000000000..4582006f293
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set-gcp.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set.png b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set.png
new file mode 100644
index 00000000000..1726b9d2124
Binary files /dev/null and b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two/static/view-rule-set.png differ
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/1-asset-governance.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/1-asset-governance.md
deleted file mode 100644
index ab4188a71a5..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/1-asset-governance.md
+++ /dev/null
@@ -1,91 +0,0 @@ ---- -title: Overview -description: This topic talks about Harness cloud asset governance. -# sidebar_position: 2 ---- - -Cloud Asset Governance is a governance-as-code engine which allows you to define policy guardrails eliminating the need for manual approval flows which hamper productivity. It helps you find non-compliant resources as defined in your standards from a cost, security and compliance standpoint. - -Cloud Asset Governance, while having the capability to service policies from other key use cases, focuses on helping you to optimize cloud spend and enhancing FinOps excellence. It supports a wide range of use cases: Auto-tagging, cleaning up of Orphaned resources and creating workflows around these policies. By leveraging policy-as-code, it automates resource optimization, security, and compliance tasks, freeing your engineers to focus on creating innovative products and services that drive your revenue. - -Cloud Asset Governance is built on top of the popular open source software Cloud Custodian, we have support for all 3 Major Cloud Service Providers: AWS, GCP and Azure. - -## Resource Coverage - -Harness also offers a wide range of policies, which are available out of the box, which you can leverage on day 0 to optimize your cloud resources and set up guardrails against future wastage. - -### AWS Resource Coverage (Examples) - -- EC2 instances -- S3 buckets -- Lambda functions -- RDS (Relational Database Service) instances -- CloudFormation stacks - -For a comprehensive list of all supported AWS resources, refer to the [AWS Resource Reference — Cloud Custodian documentation](https://cloudcustodian.io/docs/aws/resources/index.html). 
- -### Azure Resource Coverage (Examples) - -- Virtual Machines (VMs) -- Storage accounts -- App services -- Cosmos DB accounts -- Key Vaults - -For a comprehensive list of all supported Azure resources, refer to the [Azure Resource Reference — Cloud Custodian documentation](https://cloudcustodian.io/docs/azure/resources/index.html). - -### GCP Resource Coverage (Examples) - -- Compute Engine instances -- Cloud Storage buckets -- App Engine applications -- Cloud SQL instances -- Cloud IAM policies - -For a comprehensive list of all supported GCP resources, refer to the [GCP Resource Reference — Cloud Custodian documentation](https://cloudcustodian.io/docs/gcp/resources/index.html). - -## Use Cases - -### Orphaned resource cleanup -Cloud Asset Governance enables organizations to define policies that automatically identify and clean up orphaned resources across cloud providers. For example, a policy can be crafted to detect unattached volumes or unused IP addresses. When these resources are found, automated actions can be triggered to delete them, preventing unnecessary costs due to resource sprawl in a multi-cloud setup. - -### Tagging Automation - -You can automate the tagging of resources across different cloud providers, ensuring consistency and adherence to governance standards. By defining policies that enforce tagging rules, Cloud Asset Governance can automatically tag resources upon creation or update existing tags to meet compliance requirements. - -### Identifying underutilized resources - -Cloud Asset Governance helps in identifying underutilized resources by monitoring their usage patterns and applying predefined policies to flag resources that do not meet utilization thresholds. For instance, a policy could look for EC2 instances in AWS or VMs in Azure that have low CPU and network activity over a certain period. Cloud Asset Governance can then take corrective actions, such as sending notifications or automatically resizing these resources. 
- -### Automated remediations - -Cloud Asset Governance's policy-driven approach enables automated remediation of various issues, including security vulnerabilities and non-compliant configurations. Organizations can define policies that automatically enforce desired states or configurations for resources across cloud platforms. If Asset Governance detects a deviation from the policy, it can automatically execute remediation actions, such as automated cleanup, encryption, tagging etc. - -### Security and compliance use cases - -Cloud Asset Governance supports a wide range of security and compliance use cases. For security, policies can be set to detect open security groups, unencrypted data stores, or non-compliant IAM configurations. For compliance, Custodian can ensure resources align with standards such as HIPAA, PCI-DSS, or GDPR by continuously monitoring and enforcing the necessary controls. - -## Cloud Custodian - -Cloud custodian is a widely used open-source cloud management tool backed by CNCF which helps organizations enforce policies and automate actions to enable them achieve a well maintained cloud environment. It operates on the principles of declarative YAML based policies. With support for multiple cloud providers, including AWS, Azure, and Google Cloud, Cloud Custodian enables users to maintain consistent policies and governance practices across diverse cloud environments, making it particularly appealing for organizations embracing a multi-cloud strategy. - -Cloud Custodian comes with all the goodness of battle testing by the community & detects and auto remediates issues - it does come with its own set of challenges. Let’s dive into what are the key challenges that organizations run into when leveraging Cloud Custodian at scale to manage their assets. 
- -### Harness vs Cloud Custodian - -Cloud Custodian, while a widely used open-source cloud management tool, presents several challenges, including lack of a graphical interface, scalability issues, limited reporting and security features, complex policy creation requiring YAML syntax knowledge, and operational overhead. - -In contrast, Harness Cloud Asset Governance retains the strengths of Cloud Custodian while addressing its shortcomings. Harness provides preconfigured governance-as-code rules for easy implementation and customization, powered by an AI Development Assistant (AIDA™) for natural language policy authoring. It offers a fully managed and scalable rule execution engine, reducing operational complexities for organizations. - -The platform also includes a user-friendly visual interface, Role-Based Access Control, and detailed Audit trails for centralized visibility and precise access management. Additionally, Harness incorporates Out-of-the-Box Recommendations to identify cost-saving opportunities and improve compliance and security. By choosing Harness Cloud Asset Governance, organizations can optimize their cloud governance, enhance customization and usability, and overcome the challenges associated with self-hosting Cloud Custodian. - -Harness Cloud Asset Governance streamlines cloud management processes, improves governance efficiency, and enables organizations to achieve a well-managed cloud environment effectively. More details about the comparison can be found [here](https://www.harness.io/blog/harness-cloud-asset-governance-cloud-custodian-beyond). - -### Cloud-Custodian Versions at Harness - -The cloud-custodian versions utilised currently are as following: - - `c7n==0.9.44` - - `c7n_azure==0.7.43` - - `c7n_gcp==0.4.43` - - 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/3-gov-overview.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/3-gov-overview.md
deleted file mode 100644
index b2cfe9236e1..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/3-gov-overview.md
+++ /dev/null
@@ -1,155 +0,0 @@ ---- -title: Summary of Your Asset Governance Rules -sidebar_label: Asset Governance Overview Page -description: This topic talks about Harness cloud asset governance. -# sidebar_position: 3 ---- -import Tabs from '@theme/Tabs'; - -import TabItem from '@theme/TabItem'; - -:::tip [Latest Features Released in 1.48.1](/release-notes/cloud-cost-management#april-2025---version-1481) - - - [Docs](/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/gov-overview#governance-alerts) - Users can now configure alerts in Cloud Assets Governance based on customizable criteria such as cloud provider, resource type, cloud accounts (AWS accounts, Azure subscriptions, or GCP projects), minimum number of resources found, and minimum cost impact. When an alert is triggered, users can specify email recipients to be notified and optionally include a `.json` file with detailed evaluation output. - - -::: - -The **Overview** page offers a consolidated summary of your organization's governance active enforcements, evaluations and cost savings resulting from rule evaluations.This provides a quick and easy way to monitor your cloud spend and ensure compliance with your governance policies. Additionally, you can access valuable recommendations for optimizing resource utilization, allowing you to achieve even greater cost savings. - -## Asset Governance Overview - -Here is an in-depth explanation of the Overview page and the information it displays for the users: - - - -- **Total Evaluations** — The total number of evaluations performed to date. -- **Total Active Enforcements** — The total number of active enforcements created to date. -- **Total Savings** — The total cost savings achieved from day one to date. -- **Savings in Timeframe** — The total cost savings achieved in the timeframe selected. -- **Evaluations in Timeframe** — Harness supports multiple statuses for Evaluations. 
The overview page now displays a detailed breakdown of evaluation counts by status. - Total Evaluations: The total number of evaluations in the timeframe selected. - Success Evaluations: Total number of evaluations with status as "Successful". - Failure Evaluations: Total number of evaluations with status as "Failure". - Partial Success Evaluations: Total number of evaluations with status as "Partial Success". -- **Alerts** - Option to create alerts for rule evaluations. -- **Savings Breakdown** — A granular graph that shows savings breakdown across different cloud providers and resources. You can see savings broken down by: - - **Cloud Provider**: This shows total cost savings for each cloud provider. - - **Resource Type**: This shows total cost savings by resource type . -- **Evaluations Trend** - This graph shows evaluations performed per day in the selected timeframe. If timeframe is selected for more than 2 months, the evaluations are shown per month in the selected timeframe. Also, evaluations along with their status i.e. "Success", "Partial Success" and "Failed" are shown. -- **Recommendations** - Governance Overview displays a list of all recommendations that can help optimize the cloud assets and minimize cloud costs. Governance Overview highlights the total potential savings that can be achieved if all recommendations are applied. - Additional to this, for each recommendation, Harness shows more details like: - - **Potential Monthly Savings**: Monthly cost savings that can be realized if the recommendations are applied. - - **Potential Monthly Spend**: Potential Monthly Spend is the monthly spend for all the resources that surfaced out as part of recommendations. Why potential? Because the resource might be newly added and Harness looks at the last 30 days of cost data which might not be present for all the days for newly created resources. - - **Resource Count**: Number of resources to which the recommendation will be applied. 
- - **Ignored list tag** if the recommendation is added to the "Ignored list". - Option to **view details** about the recommendation like which Account (in case of Azure, AWS)/ Project (in case of GCP), resource (AWS, Azure) the recommendation was applied to, the enforcements, etc. - - **Custom Recommendations**: All Custom Recommendations show up with a "Custom" badge after successful creation. - - :::important note - - In case of AWS and Azure, Account/ Subscription and region combination with greater than 300$ of monthly spend are considered for recommendations. - - In case of GCP, Project with greater than 300$ of monthly spend is considered for recommendations. - ::: - -To apply a recommendation, select the row. The recommendation opens on the **Recommendations** page. To learn how to enforce this recommendation, go to [Governance recommendations](/docs/cloud-cost-management/use-ccm-cost-optimization/ccm-recommendations/home-recommendations#apply-recommendations). - -You can see a list of all recommendations offered by Harness for each Cloud provider here: - -- [Asset Governance recommendations for AWS](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/aws/AWS-recommendations) -- [Asset Governance recommendations for Azure](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/azure/azure-recommendations) -- [Asset Governance recommendations for GCP](https://developer.harness.io/docs/cloud-cost-management/use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations) - - -## Rules Generating Recommendations - - - -Harness CCM provides flexibility in how governance rules are applied across your organization. 
You can define custom default rules to enforce globally or for specific account subsets and control which accounts are subject to specific governance policies - -#### Adding Rules to Generate Recommendations - -:::info -Each cloud provider (AWS, Azure, GCP) supports up to 50 rules for recommendation generation. This limit applies to the combined total of both out-of-the-box (OOTB) and custom rules. -::: -1. Click on "Rules Generating Recommendations" tab. Click the **+Include Rule** button to add an existing cost governance rule -2. Select the scope for recommendation generation: - - **All Accounts/Regions/Subscriptions**: Apply the rule across your entire environment - - **Only Specific Accounts/Regions/Subscriptions**: Target the rule to selected accounts - -### Managing Governance Rules - -Once rules are added, the governance dashboard displays the following information for each rule: - -| Column | Description | -|--------|-------------| -| Name | The name of the governance rule | -| Target | Which accounts/subscriptions the rule applies to | -| Last Evaluation | When the rule was last processed | -| Recommendations | Number of recommendations generated | -| Potential Savings | Estimated cost savings if recommendations are implemented | -| Success Rate | Percentage of successful rule evaluations | - -For each rule, you can: -- Modify target subscriptions -- Remove the rule from generating recommendations -- View detailed rule performance metrics - -> **Note**: Only users with appropriate permissions can define default rules for groups or modify global governance policies. - -### Governance Alerts - -Alerts allow you to receive notifications when certain conditions are met during governance evaluations. These conditions can be fine-tuned based on cloud providers, resource types, account/subscription/project , cost impact, and resource count. 
- - - -You can create alerts by defining the following parameters: - -| Parameter | Description | -|-----------------------------------|-------------| -| **Cloud Provider** | Choose the cloud platform(s) where the policy evaluation should trigger an alert: **AWS**, **GCP**, or **Azure**. | -| **Resource Type** | Select the type of resources to monitor. These are defined based on [Cloud Custodian](https://cloudcustodian.io/) resource types. | -| **Accounts / Subscriptions / Projects** | Specify the scope of the alert: **AWS accounts**, **Azure subscriptions**, or **GCP projects**. | -| **Minimum Number of Resources Found** | Set the threshold for the number of resources. | -| **Minimum Cost Impact** | Set minimum cost impact associated with an evaluation. | -| **Email Recipients** | Enter one or more email addresses to receive alert notifications. | -| **Attach Evaluation Output** | Enable this to **attach a `.json` file** containing the full evaluation output in the email. Useful for automated analysis or deep dives. | - - -- **Granular RBAC for Governance Alerts**: You can assign granular permissions for Governance Alerts to specific resource groups and roles, enabling more precise access control. - - **For Resource Groups:** - 1. Navigate to **Account Settings** > **Access Control** > **Resource Groups** - 2. Select an existing Resource Group or create a new one - 3. Enable the **Cloud Asset Governance Alerts** permission - 4. Choose between **All** alerts or **Specified** alerts for more granular control - - - - **For Roles:** - 1. Navigate to **Account Settings** > **Access Control** > **Roles** - 2. Select an existing Role or create a new one - 3. Enable the **Cloud Asset Governance Alerts** permission - 4. Assign specific permissions such as **View** or **Edit/Delete** - - - - -## Cost Correlation - -Cost Correlation in Harness CCM connects governance with their actual cost impact, allowing you to quantify the financial implications. 
- -### What's supported - -| Cloud | Cost Correlation | First Class Region Filter Support | Recommendations | Multi-Policy | Autostopping (EC2/VM/Instance) | Perspective Preferences | -| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | --------------- | ------------ | ------------------------------ | ----------------------- | -| AWS | `aws.ec2`, `aws.ebs`, `aws.rds`, `aws.ebs-snapshot`, `aws.elastic-ip`, `aws.elb`, `cache-cluster`, `s3`, `redshift`, `redshift-snapshot`, `aws.log-group`, `aws.rds-snapshot`, `aws.nat-gateway`, `aws.sqs`, `aws.firehose`, `aws.dynamodb-table` | Yes ✅ | Yes ✅ | Yes ✅ | Yes ✅ | Yes ✅ | -| GCP | `gcp.instance`, `gcp.disk`, `gcp.snapshot`, `gcp.sql-instance`, `gcp.image`, `gcp.loadbalancer-address`, `gcp.loadbalancer-forwarding-rule`, `gcp.bucket`, `gcp.gke-cluster`, `gcp.bq-dataset`, `gcp.function`, `gcp.redis`, `gcp.cloud-run-service`, `gcp.dataflow-job` | No ❌ | Yes ✅ | Yes ✅ | No ❌ | Yes ✅ | -| Azure | Every Resource in Billing Report | Yes ✅ | Yes ✅ | Yes ✅ | No ❌ | Yes ✅ | - -### Cost Correlation Refresh API - -This API is used to refresh or update the cost of all resources in the evaluation. It is exposed to resolve cases where the cost for any resource is not yet part of CUR, Billing Report, or Billing Data (due to newly deployed resources, etc.).You can hit the refresh cost button only once every 30 minutes for any evaluation. - -:::note - -- Cost co-relation for GCP would work only if detailed billing export is setup. -- Changes made to "Perspective Preferences" in Account Settings of Cloud Cost Management will be now applied to Asset Governance. In case of AWS, previously, costs were taken as "Unblended". 
Now, users can select it to be Blended, Net-Amortised, Amortised, Effective or Unblended. Kindly note, it might take up to 30 minutes for costs to be refreshed after changes are applied. -- Azure Preferences set in Account Settings will now also be honored. - ::: diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/assetgov-rulemod.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/assetgov-rulemod.md deleted file mode 100644 index dc0b0a34e2f..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/assetgov-rulemod.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Modifying default rules for asset governance -description: How to modify the existing rules in the template examples for asset governance ---- - -Cloud Asset Governance Rules provide a starting point for customers to define policy guardrails eliminating the need for manual approval flows. However, depending on a company's need and maturing governance, these template rules may need to be modified. -[!](./static/governancerules.png) - -## RBAC Requirements - -Harness offers controls on modification of rule modification and enforcement. In order to make changes, and depending on the type of changes, permissions will need to be provided to these categories -[!](./static/governancerules-rbac.png) - -## Modifying an existing rule set - -1. Locate the rule that you would like to modify, by searching the asset -2. Click on the `vertical ellipses` and select `Clone` -3. Modify the values in rules as required. Rename the rule if necessary -4. Validate the rule, and test Input. -5. Click on Save diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/_category_.json deleted file mode 100644 index 59e02f7194f..00000000000 
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/_category_.json
+++ /dev/null
@@ -1 +0,0 @@
-{"label": "Governance for AWS", "collapsible": "true", "collapsed": "true", "className": "red", "link": {"type": "generated-index", "title": "Asset governance for AWS"}, "customProps": {"position": "20"}}
\ No newline at end of file
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/aws-recommendations.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/aws-recommendations.md
deleted file mode 100644
index b6b9329fedf..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/aws-recommendations.md
+++ /dev/null
@@ -1,648 +0,0 @@ ---- -title: AWS Recommendations -description: This topic describes recommendations for AWS -# sidebar_position: 2 ---- - -Recommendations help kickstart your journey with governance. Essentially, Harness run certain policies behind the scenes to generate recommendations for your governance-enabled AWS accounts. These policies not only help to cut costs but also increase the efficiency of your system. On the Governance Overview page, Harness showcases recommendations that will benefit you to save costs on associated resources. You can click on any recommendation to view its details. - -## Governance Recommendation Insights - -Harness CCM now provides users the ability to monitor Governance Recommendations through the new Recommendation Insights tab in the Governance module. - -This enhancement offers clear visibility into the evaluation status of each rule and provides detailed insights about the cloud account (connector) and region involved in generating the recommendations. - -This tab is designed to streamline troubleshooting and improve visibility into why recommendations may fail, be ignored, or succeed, enabling users to take immediate corrective actions when necessary. - -#### How It Works: -- Status Tracking: Each Recommendation Rule's status is displayed in the Recommendation Insights tab. -- Cloud Connector (Account ID): The specific cloud account associated with the rule. -- Region: The region for which the rule is evaluated. - -#### Error Notifications: -If any connector and region combination encounters an issue, the system flags it with a Failed status. -The UI displays a detailed error message to assist in resolving the issue quickly. - -#### Status Breakdown: - -1. **Failed Status :** A failed status indicates one of the following scenarios: - -- Missing Permissions: The necessary permissions required for Harness to get or list resources are not provided. -- Harness Internal Error: A system-level issue occurred during processing. 
- -2. **Ignored Status :** An ignored status indicates one of the following scenarios: - -- No Cost Data Available: Billing connector setup at Harness is missing cost data for the target cloud account. -- Cost Threshold Not Met: Cost is less than $300 for the combination of account x region. -- Invalid Region: The regions found in cost data is not valid to run against Governance Rule. - -3. **Success Status :** A successful status indicates one of the following scenarios: - -- Recommendation Generated: The system successfully evaluated the rule and created a recommendation. -- No Resources in Evaluation: The rule was evaluated, but there were no resources found. -- Savings Below Threshold: A recommendation was generated, but the potential savings were calculated to be less than $10. - -## Recommendations - -### Granular Recommendations - -Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, account-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale. - -#### Enabling Granular Recommendations - - - -Owing to this, now, while adding a recommendation to Ignore List, users have the option to specify the scope at which the users want to ignore the recommendation. The scope can be either at: -- Rule-level -- Rule-level + Account/Region-level -- Rule-level + Account/Region-level + Resource-level. 
- - - - -### Recommendation: delete-unattached-aws-ebs -**Description:** Delete all ebs volumes which are unattached - -**Policy Used:** -```yaml -policies: - - name: delete-unattached-aws-ebs - resource: ebs - filters: - - Attachments: [] - - State: available - actions: - - delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```ec2:DetachVolume``` - - ``` ec2:DescribeVolumes``` -- **Run Once:** - - ```ec2:DetachVolume``` - - ```ec2:DeleteVolume``` - - ```ec2:DescribeVolumes``` - ---- - -### Recommendation: list-low-request-count-aws-elb -**Description:** List ELBs with low request count - -**Policy Used:** -```yaml -policies: - - name: list-low-request-count-aws-elb - resource: elb - description: List ELBs with low request count - filters: - - type: metrics - name: RequestCount - statistics: Sum - days: 7 - value: 7 - missing-value: 0 - op: less-than -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```cloudwatch:GetMetricData``` - - ```elasticloadbalancing:DescribeLoadBalancers``` - -- **Run Once:** - - ```cloudwatch:GetMetricData``` - - ```elasticloadbalancing:DescribeLoadBalancers``` - ---- - -### Recommendation: migrate-gp2-to-gp3-aws-ebs -**Description:** Migrate gp2 volumes to gp3 - -**Policy Used:** -```yaml -policies: - - name: migrate-gp2-to-gp3-aws-ebs - resource: ebs - filters: - - VolumeType: gp2 - - modifyable - actions: - - type: modify - volume-type: gp3 -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. Then, 20% of that sum is taken as the savings. 
- -Ref: https://aws.amazon.com/blogs/storage/migrate-your-amazon-ebs-volumes-from-gp2-to-gp3-and-save-up-to-20-on-costs/ - - -**Permissions Required:** -- **Dry Run:** - - ```ec2:DescribeVolumeAttribute``` - - ```ec2:DescribeVolumesModifications``` -- **Run Once:** - - ```ec2:DescribeVolumeAttribute``` - - ```ec2:ModifyVolumeAttribute``` - - ```ec2:DescribeVolumesModifications``` - ---- - - -### Recommendation: delete-volume-absent-aws-ebs-snapshot -**Description:** Delete snapshots with no volumes - -**Policy Used:** -```yaml -policies: - - name: delete-volume-absent-aws-ebs-snapshot - description: Find any snapshots that do not have a corresponding volume. - resource: aws.ebs-snapshot - filters: - - type: volume - key: VolumeId - value: absent - actions: - - delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```ec2:DescribeVolumes``` -- **Run Once:** - - ```ec2:DescribeVolumes``` - - ```ec2:DeleteSnapshot``` - ---- - - -### Recommendation: stop-unused-aws-rds -**Description:** Stop unused RDS database - -**Policy Used:** -```yaml - policies: - - name: stop-unused-aws-rds - resource: rds - description: Stop unused RDS database - filters: - - type: value - key: DBInstanceStatus - value: available - - type: metrics - name: DatabaseConnections - statistics: Sum - days: 7 - value: 0 - op: equal - actions: - - stop -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- **Dry Run:** - - ```rds:DescribeDBInstances``` -- **Run Once:** - - ```rds:DescribeDBInstances``` - - ```rds:StopDBInstance``` - ---- - -### Recommendation: delete-unused-aws-elb -**Description:** Delete unused ELB - -**Policy Used:** -```yaml -policies: - - name: delete-unused-aws-elb - resource: elb - filters: - - Instances: [] - actions: - - delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```elasticloadbalancing:DescribeLoadBalancers``` -- **Run Once:** - - ```elasticloadbalancing:DescribeLoadBalancers``` - - ```elasticloadbalancing:DeleteLoadBalancer``` - ---- - -### Recommendation: release-unattached-aws-elastic-ip -**Description:** Release unattached Elastic IPs - -**Policy Used:** -```yaml -policies: - - name: release-unattached-aws-elastic-ip - resource: aws.elastic-ip - filters: - - AssociationId: absent - actions: - - release -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```ec2:DescribeAddresses``` -- **Run Once:** - - ```ec2:DescribeAddresses``` - - ```ec2:ReleaseAddress``` - ---- - -### Recommendation: delete-underutilized-aws-cache-cluster -**Description:** Delete underutilized cache cluster with CPU utilization less than 5% in the last 7 days. 
- -**Policy Used:** - -```yaml -policies: - - name: delete-underutilized-aws-cache-cluster - resource: cache-cluster - description: | - Delete underutilised cache cluster with CPU utilisation less than 5% in last 7 days - filters: - - type: metrics - name: CPUUtilization - days: 7 - period: 86400 - value: 5 - op: less-than - actions: - - type: delete - skip-snapshot: false -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```elasticache:DescribeCacheClusters``` -- **Run Once:** - - ```elasticache:DescribeCacheClusters``` - - ```elasticache:DeleteCacheCluster``` - - ```elasticache:DeleteReplicationGroup``` - - -### Recommendation: configure-lifecycle-aws-s3 - -**Description:** Configure lifecycle for S3 buckets wherever it is absent which would help to reduce storage spend - -**Policy Used:** - -```yaml -policies: - - name: configure-lifecycle-aws-s3 - resource: aws.s3 - description: | - Configure lifecycle for s3 buckets wherever it is absent which would help to reduce storage spend - filters: - - type : value - key : Lifecycle - value : absent - actions: - - type: configure-lifecycle - rules: - - ID: harness-default-lifecycle - Status: Enabled - Filter: - Prefix: '' - Expiration: - ExpiredObjectDeleteMarker: True - AbortIncompleteMultipartUpload: - DaysAfterInitiation: 7 - NoncurrentVersionExpiration: - NoncurrentDays: 30 - NewerNoncurrentVersions: 6 -``` - -**Savings Computed**: -To estimate the percentage cost savings from the given S3 lifecycle policies, we need to look at the specific actions and apply some reasonable assumptions. Here's a step-by-step approach: - -1. Abort Incomplete Multipart Uploads after 7 days: -- Assumption: 5% of all uploads are incomplete and are not cleaned up without this policy. 
-- Cost Impact: Each incomplete multipart upload that is aborted saves the storage cost of the data uploaded so far. - -2. Expire Noncurrent Versions after 30 days (keeping 6 versions): -- Assumption: Each object has, on average, 10 noncurrent versions stored. Expiring noncurrent versions after 30 days, keeping only the latest 6, will delete 4 out of every 10 noncurrent versions. -- Cost Impact: Deleting 40% of noncurrent versions reduces the total storage used by these versions. - -**Example Calculation** - -Let's assume the following for a single S3 bucket: - -**Total Storage Used**: 1 TB (1,024 GB) in the S3 Standard storage class. - -**Storage Distribution:** -- Current versions: 50% (512 GB) -- Noncurrent versions: 40% (410 GB) -- Incomplete multipart uploads: 10% (102 GB) - -**Calculations:** - - - -**Total Savings** - - -References: -- [AWS S3 Lifecycle Policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) -- [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/) -- [Managing S3 Costs](https://aws.amazon.com/blogs/storage/optimizing-costs-with-amazon-s3-lifecycle-configurations/) - -**Permissions Required:** -- **Dry Run:** - - ```s3:GetLifecycleConfiguration``` -- **Run Once:** - - ```s3:GetLifecycleConfiguration``` - - ```s3:PutLifecycleConfiguration``` - - -### Recommendation: set-intelligent-tiering-aws-s3 - -**Description:** Configure intelligent tiering for S3 buckets wherever it is disabled which would help to reduce storage spend. - -**Policy Used:** - -```yaml -policies: - - name: set-intelligent-tiering-aws-s3 - resource: aws.s3 - description: | - Configure intelligent tiering for s3 buckets wherever it is disabled which would help to reduce storage spend. 
- filters: - - not: - - type: intelligent-tiering - attrs: - - Status: Enabled - actions: - - type: set-intelligent-tiering - Id: harness-default - IntelligentTieringConfiguration: - Id: harness-default - Status: Enabled - Tierings: - - Days: 90 - AccessTier: ARCHIVE_ACCESS - - Days: 180 - AccessTier: DEEP_ARCHIVE_ACCESS -``` - -**Savings Computed:** -- **Frequent Access Tier:** This tier is equivalent in cost to the standard S3 storage, so no savings here. -- **Infrequent Access Tier:** Data not accessed for 30 days moves here, saving approximately 45% compared to standard S3 storage​. -- **Archive Instant Access Tier:** Data not accessed for 90 days moves here, with savings of up to 68% compared to standard storage​. -- **Archive Access Tier:** If configured, data not accessed for 90 days can move here, offering around 71% savings​. -- **Deep Archive Access Tier:** Data not accessed for 180 days can be moved to this tier, providing up to 95% savings. - -**Example Calculation** - -Assume you have 1 TB of data stored in S3 standard storage: - - - -**Example Scenario** - -If 20% of your data transitions to the Infrequent Access tier after 30 days, 20% moves to Archive Access after 90 days, and 10% moves to Deep Archive Access after 180 days, your costs might look like this: - - - - This results in a cost savings of approximately 32.76% compared to keeping all data in standard S3 storage ($23.00 per month vs. $15.463 per month). 
- - References: - - [AWS intelligent tiering](https://aws.amazon.com/s3/storage-classes/intelligent-tiering/) - - [AWS S3 Pricing](https://aws.amazon.com/s3/pricing/) - -**Permissions Required:** -- **Dry Run:** - - ```s3:GetBucketIntelligentTieringConfiguration``` -- **Run Once:** - - ```s3:GetBucketIntelligentTieringConfiguration``` - - ```s3:PutIntelligentTieringConfiguration``` - - -### Recommendation: delete-underutilized-aws-redshift - -**Description:** Delete any Amazon Redshift cluster where CPU Utilization has been less than 5% for the last 7 days - -**Policy Used:** - -```yaml -policies: - - name: delete-underutilized-aws-redshift - resource: redshift - description: | - Delete redshift cluster where CPU Utilization is less than 5% for last 7 days - filters: - - type: metrics - name: CPUUtilization - days: 7 - period: 86400 - value: 5 - op: less-than - actions: - - delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - -**Permissions Required:** -- **Dry Run:** - - ```redshift:DescribeClusters``` -- **Run Once:** - - ```redshift:DescribeClusters``` - - ```redshift:DeleteCluster``` - - -### Recommendation: delete-old-manual-aws-redshift-snapshot - -**Description:** Delete all redshift snapshots older than 35 days with a lifetime retention period - -**Policy Used:** - -```yaml - -policies: - - name: delete-old-manual-aws-redshift-snapshot - resource: redshift-snapshot - description: | - Delete all redshift snapshot older than 35 days with lifetime retention period - filters: - - "ManualSnapshotRetentionPeriod": -1 - - type: age - days: 35 - op: gt - actions: - - delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. 
- -**Permissions Required:** -- **Dry Run:** - - ```redshift:DescribeClusterSnapshots``` -- **Run Once:** - - ```redshift:DeleteClusterSnapshot``` - - ```redshift:DescribeClusterSnapshots``` - ---- - -### Recommendation: delete-empty-aws-dynamodb-table - -**Description:** Delete DyanmoDB tables which are empty - -**Policy Used:** - -```yaml -policies: - - name: delete-empty-aws-dynamodb-table - resource: dynamodb-table - description: | - Delete DyanmoDB tables which are empty - filters: - - TableSizeBytes: 0 - actions: - - delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - ---- - -### Recommendation: delete-stale-aws-log-group - -**Description:** Delete stale cloud watch log groups - -**Policy Used:** - -```yaml -policies: - - name: delete-stale-aws-log-group - resource: log-group - description: | - Delete stale cloud watch log groups - filters: - - type: last-write - days: 60 - actions: - - delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - ---- - -### Recommendation: delete-stale-aws-rds-snapshot - -**Description:** Delete all stale(older than 28 days) RDS snapshots - -**Policy Used:** - -```yaml -policies: - - name: delete-stale-aws-rds-snapshot - resource: rds-snapshot - description: | - Delete all stale(older than 28 days) RDS snapshots - filters: - - type: age - days: 28 - op: ge - actions: - - delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. 
- ---- - -### Recommendation: delete-unencrypted-aws-firehose - -**Description:** Delete Firehose which are not encrypted - -**Policy Used:** - -```yaml -policies: - - name: delete-unencrypted-aws-firehose - resource: firehose - description: | - Delete Firehose which are not encrypted - filters: - - KmsMasterKeyId: absent - actions: - - type: delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - ---- - -### Recommendation: delete-unencrypted-aws-sqs - -**Description:** Delete SQS which are not encrypted - -**Policy Used:** - -```yaml -policies: - - name: delete-unencrypted-aws-sqs - resource: sqs - description: | - Delete SQS which are not encrypted - filters: - - KmsMasterKeyId: absent - actions: - - type: delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - ---- - -### Recommendation: delete-unused-aws-nat-gateway - -**Description:** Delete unused NAT Gateways based on no associated traffic in past 7 days. - -**Policy Used:** - -```yaml -policies: - - name: delete-unused-aws-nat-gateway - resource: nat-gateway - description: | - Delete unused NAT Gateways based on no associated traffic in past 7 days. - filters: - - type: metrics - name: BytesOutToDestination - statistics: Sum - period: 86400 - days: 7 - value: 0 - op: eq - actions: - - type: delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - ---- diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/harness-concepts.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/harness-concepts.md deleted file mode 100644 index e5ac36a6acf..00000000000 
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/aws/harness-concepts.md
+++ /dev/null
@@ -1,270 +0,0 @@ ---- -title: Harness Concepts -description: This topic describes how to optimize cloud costs using asset governance. -# sidebar_position: 2 ---- - - -# Harness Concepts: Rules, Rule Sets, Enforcements and Evaluations to optimise cloud costs - -## Rules - -Rules help you set up Asset Governance for your cloud provider. A Rule is essentially a small file with a set of logic that you can run on your cloud infrastructure. For example, there might be a scenario in which you want to migrate all gp2 EBS volumes to gp3. In such a case, we write and run a rule which does this for us. - -Ideally, rules include policy, resource, filters, and actions. - -- A **policy** is defined in YAML format and consists of filters and actions that are applied to a specific type of cloud resource. - -- A **resource** is the type of cloud resource or service on which the rule will be run with the actions and filters, such as ec2, s3, elb, etc. - -- A **filter**, as the name suggests, is a criteria used to narrow down the results based on the attributes. These attributes can include anything such as tags, metadata, or any other resource property provided by you. When the filter is applied, only those resources that match the criteria specified in the filter are given as a result. - -- **Actions** are operations performed on the filtered resources. Actions include things like migrating gp2 volumes to gp3, deleting snapshots with no volumes, or sending an email notification. - - - -So essentially, **a Rule is a file that includes logic defined by a policy that performs certain actions on the resource based on the filters provided by the user**. Rules can include multiple policies, and policies include resource, filters and actions. - - - -### Create a new Rule - -1. In **Harness**, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Rules**. -4. Select **+ New Rule**. - - - - -5. Enter a name for the rule. -6. Select the cloud provider. 
Also, enter Savings prediction in percentage (optional). This custom percentage will be honored during savings computation. -7. Optionally, enter a description of the rule. -8. Select **Apply**. -9. Enter the YAML policy in the rule editor. -10. Select **Save**. If the policy is invalid, an error message is displayed. -11. Select the **Account** and the **Region** from the dropdown list in the Test Terminal. -12. Select **Dry Run** to view the instances or services that will be acted upon when you enforce the rule. -13. After evaluating the output, select **Run Once** to execute the rule. - - - -:::info -Harness provides some out-of-the-box policies for aws.ebs-snapshot, ebs, rds, etc. that can be enforced. These policies cannot be edited but can be cloned. -::: -### Update a Rule - -You can view the Rules on the Asset Governance Rules page. You can click on Edit button from the vertical ellipsis menu (⋮) to edit a Rule or simply click on the Rule to open Rule editor and then make changes. - -### Delete a Rule - -To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Rules. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule) for more details. -::: -## Rule Sets - -As mentioned previously, a Rule can have multiple policies. However, when there are multiple rules with multiple policies, it can become hard to manage them all together. This is where **Rule Sets** can be used. Rule sets serve as logical bindings on top of individual rules that help you organize and manage rules. By organizing rules into sets, organizations improve accessibility and simplify maintenance, as enforcements can be made against the entire rule set rather than individual rules. - - - - - -### Create a new Rule Set - -To create a Rule Set, perform the following steps: - -1. In **Harness**, go to **Cloud Costs**. -2. Select **Asset Governance**. 
-3. Select **Rules**. -4. Select the **Rule Sets** tab. -5. Select **+ New Rule Set**. -6. Enter a name for the rule set. -7. Optionally, enter a description of the rule set. -8. Select the cloud provider. -9. Select the rules that you want to add to the rule set. -10. Select **Create Rule Set**. -The rule set is created successfully. - - - - -11. You can view the rule set on the **Asset Governance Rules** page. Expand the rule set to view the individual rules in the rule set. -12. Select **Enforce Rule Set** in the Enforcements column to enforce this rule set. - -### Update a Rule Set - -You can view the Rule Set on the Asset Governance Rules page. Expand the rule set to view the individual rules in the rule set. You can click on Edit button from the vertical ellipsis menu (⋮) to edit the rule set. - -### Delete a Rule Set -To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance RuleSets. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_set) for more details. -::: - - -## Enforcements - -:::info -Each enforcement can now have up to **10,000 evaluations**. The cap is calculated as `Rules × Accounts × Regions` and replaces the earlier individual limits on rules, rule sets, accounts, or regions. -::: - -Enforcements enable you to enforce a certain set of Rules or Rule Sets (also known as governance guardrails) against a specific set of targets (accounts, projects, or subscriptions) to run periodically. Sometimes, we need rules to run periodically, such as every day, week, or month. However, running these rules manually every day or week at a specified time creates extra overhead and is a slow process prone to manual errors. To solve this, Enforcements allow users to set up a timely schedule and choose the day, time, and frequency for their rules or rule sets. 
- -For example, a user can create an Enforcement to schedule the deletion of all unattached disks. This Enforcement will run on the **days specified by the user**, at the **specified time**, and with the **specified frequency (hourly, daily, monthly**). For instance, you could set it to run daily at 2:00 AM to ensure that unused RDS database is deleted. Alternatively, you might choose to run it hourly during peak usage times, or monthly for less critical cleanup tasks. - -While setting up a new Enforcement, you can select the following: -- **Cloud provider**: Currently we support AWS, Azure and GCP. -- **Rules/ Rule Sets**: You can select the Rules or Rule Sets that your Enforcement will consist of. -- **Target Accounts and Regions**: The target accounts and regions that you will be running the Enforcements on. -- **Frequency**: The frequency for running the Enforcement. Currently, it can be set for hourly, daily or weekly. -- **Time**: After setting the frequency, you can choose the time at which it runs. -- **Dry Run Mode**: You can choose to run your Enforcement in Dry Run mode which will generate a simulation of the rule enforcement instead of performing actions. - - - - -### Create a new Enforcement -To create an Enforcement, perform the following steps: - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Enforcements**. -4. Select **+ New Enforcement**. -5. Enter a name for the Enforcement. -6. Optionally, enter a description of the Enforcement. -7. Select the cloud provider. -8. Select the Rules or Rule Sets that you want to enforce. You can use the **Search** box if you have multiple rules and are looking to enforce a particular rule or rule set. -9. Select **Continue**. - - -10. Select the target accounts and target regions. You could select multiple accounts and regions. -11. Set the frequency from **Hourly**, **Daily**, or **Weekly** options. 
In case you select Daily or Weekly, specify the day, time, and time zone to run the rule on schedule. -12. Toggle the **Dry Run** mode if you do not want to take action immediately. -13. Select **Finish**. - - - -After setting up the schedule, you can view the Enforcement on the **Enforcements** page. - - - -Furthermore, you can disable the Enforcement at any time using the toggle button in the **Status** column. If you want to turn off the dry-run mode, select **Edit** from the vertical ellipsis menu (⋮) then go to "Target And Schedule", use slider to turn off "Enforce Rule(s) in Dry Run mode" and click on Finish. - -### Update an Enforcement - -You can view any Enforcements on Rule Enforcements page. Click on the enforcement to view details such as the rules, target accounts, and regions included in the enforcement. For updating, you can use the "Edit" button from the vertical ellipsis menu (⋮) to update the enforcements as per your convenience. - -### Delete an Enforcement - -To delete an enforcement, simply click on “Delete” from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Enforcements. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_enforcement) for more details. -::: - - -## Evaluations - -Evaluations include all the data about enforcements run (both RUN ONCE from rule editor and from Enforcement). The Evaluations window also shows you the total cost impact with each Enforcement i.e. the costs or spendings associated with each Evaluation along with the last time that Rule/Rule set was enforced. With Evaluations, you can view and audit all the Enforcements that ran in the past. - -Harness CCM also supports multiple statuses for evaluations. Currently CCM supports three statuses for an evaluation: - -- Success: If the evaluation is completed without any errors, the status of the evaluation is shown as "Successful". 
-- Failure: If the evaluation is not completed and has errors, the status of the evaluation is shown as "Failure". -- Partial Success: If the evaluation is successful without any Harness errors but Cloud Custodian has additional logs and/or in case of multi-policy evaluations, if the evaluation was successful only for a subset of resources, the status is shown as "Partial Success". - - - - -### View Evaluations - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Evaluations**. -4. You can see all the Evaluations of Rules listed on the window. -4. Select the rule for which you want to view the Evaluation details. The target account, region, identified resources and evaluation logs are displayed. - - - -In the output window, users can see the resources identified in form of a Table or JSON. The table view supports all the filters and flattening of the table is supported as well. That essentially means, nested propoerties are flattened. By default, nested objects and arrays are collapsed and can be expanded upto two levels. Further nested properties are shown as formatted JSON. - -### Filters in Evaluations List Page - -You can create filters to view selected rules: - -1. Select the filter icon. -2. Enter a name. -3. Select who can edit and view the filter. -4. Select one or more of the following criteria to filter the results: - * Rules - * Rule Sets - * Enforcements - * Minimum Cost Impact ($) - * Cloud Provider - * AWS Filters - - AWS Account - - Target Regions - -5. Select **Apply**. - - - -:::important note -Number of evaluations for which we can compute cost impact is 1,50,000/ Day. -::: - -### Bulk Export Evaluations - -Use **Bulk Export** to download up to 100 evaluation results (AWS, GCP, or Azure) in a single ZIP file. Export is available when all selected evaluations are in a terminal state (Succeeded or Failed). - -**How to export** -1. Click **Export**. -2. 
Choose the files to include: - - `metadata.json`: summary of each evaluation - - `resources.json`: resources identified - - `custodian-run.log`: execution log - - `actioned-resources.json`: resources acted on -3. Click **Generate Report**. - -The ZIP file is organised by evaluation ID (or by policy sub-folders for multi-policy runs) so you can quickly locate results. You can also export from the **Test Terminal** when evaluating multiple targets. - - - -## Testing Terminal - -In the rule editor, a test terminal is present for users to see the output in the terminal itself upon evaluating a Rule. This is done to ensure that users can run the rules and try accordingly to check how the output would look on the selected account and region. There are two options: first, to select the target account and second, to select the regions. After providing the relevant inputs, the users can select either to dry run the rule first, run it once or enforce the rule. - - - -After this, the resources identified are shown on the output terminal in JSON format. With this output, users can perform different actions like searching, downloading, filtering, sorting and picking. - - - -#### Searching in Output Terminal -After the output is rendered, users can search for any keywords in the output terminal. This streamlines troubleshooting and debugging processes and helps to efficiently locate required information amidst large volumes of output data. - -#### Zip Downloads -The JSON output can be downloaded in either JSON format or a CSV format(original or flatted) into a single zip archive. - -#### JSON Filtering -The output can be filtered based on the keys present in the JSON output. Currently, filtering on the basis of `==`, `!=`, `<`, `<=`, `>`, `>=` is supported in terms of numeric key values and if the key's value is a string, string matching using `LIKE` is supported. 
This feature enables users to extract specific fields, filter out irrelevant data, and perform relevant queries on JSON datasets. - -#### Sorting -The output can be sorted based on the keys present in the JSON output in either an `ASCENDING` or `DESCENDING` manner. - -#### Pick -If output needs to be streamlined and only a few keys-value pairs are required, 'Pick' functionality can be used. Using this, users can pick only the required keys and see the data associated with them in the output. - -:::info -If multiple Regions and/or multiple Accounts are selected, the Output Terminal will render the links to the Evaluations page for all the individual evaluations per Subscription-Region pair. From that page, upon clicking on individual evaluations, detailed output and logs can be seen. -::: - diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/_category_.json deleted file mode 100644 index c4d5f834a8a..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/_category_.json +++ /dev/null @@ -1 +0,0 @@ -{"label": "Governance for Azure", "collapsible": "true", "collapsed": "true", "className": "red", "link": {"type": "generated-index", "title": "Asset governance for Azure"}, "customProps": {"position": "20"}} \ No newline at end of file diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/azure-recommendations.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/azure-recommendations.md deleted file mode 100644 index ba774af2317..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/azure-recommendations.md +++ /dev/null 
@@ -1,442 +0,0 @@ ---- -title: Azure Recommendations -description: This topic describes how to optimize cloud costs using asset governance. -# sidebar_position: 2 ---- - -Recommendations help kickstart your journey with governance. Essentially, Harness runs certain policies behind the scenes to generate recommendations for your governance-enabled Azure subscriptions. These policies not only help to cut costs but also increase the efficiency of your system. On the Governance Overview page, Harness showcases recommendations that will benefit you to save costs on associated resources. You can click on any recommendation to view its details. - - -## Governance Recommendation Insights - -Harness CCM now provides users the ability to monitor Governance Recommendations through the new Recommendations Insights tab in the Governance module. - -This enhancement offers clear visibility into the evaluation status of each rule and provides detailed insights about the cloud account (connector) and region involved in generating the recommendations. - -This tab is designed to streamline troubleshooting and improve visibility into why recommendations may fail, be ignored, or succeed, enabling users to take immediate corrective actions when necessary. - -#### How It Works: -- Status Tracking: Each Recommendation Rule's status is displayed in the Recommendation Insights tab. -- Cloud Connector (Subscription ID): The specific cloud account associated with the rule. -- Region: The region for which the rule is evaluated. - -#### Error Notifications: -If any connector and region combination encounters an issue, the system flags it with a Failed status. -The UI displays a detailed error message to assist in resolving the issue quickly. - -#### Status Breakdown: - -1. **Failed Status :** A failed status indicates one of the following scenarios: - -- Missing Permissions: The necessary permissions required for Harness to get or list resources are not provided. 
-- Harness Internal Error: A system-level issue occurred during processing. - -2. **Ignored Status :** An ignored status indicates one of the following scenarios: - -- No Cost Data Available: Billing connector setup at Harness is missing cost data for the target cloud account. -- Cost Threshold Not Met: Cost is less than $300 for the combination of subscription x region. -- Invalid Region: The regions found in cost data is not valid to run against Governance Rule. - -3. **Success Status :** A successful status indicates one of the following scenarios: - -- Recommendation Generated: The system successfully evaluated the rule and created a recommendation. -- No Resources in Evaluation: The rule was evaluated, but there were no resources found. -- Savings Below Threshold: A recommendation was generated, but the potential savings were calculated to be less than $10. - -## Recommendations - -### Granular Recommendations - -Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, subscription-level recommendations might not work out.With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, enabling customers to address governance issues more effectively at scale. - -#### Enabling Granular Recommendations - - - -Owing to this, now, while adding a recommendation to Ignore List, users have the option to specify the scope at which the users want to ignore the recommendation. The scope can be either at: - -- Rule-level -- Rule-level + Subscription/Region-level -- Rule-level + Subscription/Region-level + Resource-level. 
- - - -### Recommendation: delete-low-utilized-azure-cosmodb -**Description:** Delete low utilised CosmosDB based on total requests in last 72 hours. - -**Policy Used:** -```yaml -policies: - - name: delete-low-utilized-azure-cosmodb - resource: azure.cosmosdb - description: | - Delete low utilised CosmosDB based on total requests in last 72 hours - filters: - - type: metric - metric: TotalRequests - op: le - aggregation: total - threshold: 1000 - timeframe: 72 - actions: - - type: delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-unattached-azure-disk -**Description:** Delete all unattached disks. - -**Policy Used:** -```yaml -policies: - - name: delete-unattached-azure-disk - resource: azure.disk - description: | - Delete all unattached disks - filters: - - type: value - key: properties.diskState - value: Unattached - actions: - - type: delete -``` - -**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-low-utilized-azure-load-balancer -**Description:** Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours. 
- -**Policy Used:** -```yaml -policies: - - name: delete-low-utilized-azure-load-balancer - resource: azure.loadbalancer - description: | - Delete all low utilised load balancers where packet count is less than 1000 in last 72 hours - filters: - - type: metric - metric: PacketCount - op: le - aggregation: total - threshold: 1000 - timeframe: 72 - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-orphaned-azure-networkinterface -**Description:** Delete network interface which are not attached to virtual machine. - -**Policy Used:** -```yaml -policies: - - name: delete-orphaned-azure-networkinterface - resource: azure.networkinterface - description: | - Delete network interface which are not attached to virtual machine - filters: - - type: value - key: properties.virtualMachine - value: null - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: stop-underutilized-azure-vm -**Description:** Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours. 
- -**Policy Used:** -```yaml -policies: - - name: stop-underutilized-azure-vm - resource: azure.vm - description: | - Stop underutilised virtual machines with average CPU utilisation less than 5% in last 72 hours - filters: - - type: metric - metric: Percentage CPU - op: le - aggregation: average - threshold: 5 - timeframe: 72 - actions: - - type: stop -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-low-utilized-azure-keyvault -**Description:** Delete KeyVaults with less than 10 API hits in last 72 hours. - -**Policy Used:** -```yaml -policies: - - name: delete-low-utilized-azure-keyvault - resource: azure.keyvault - description: | - Delete KeyVaults with less than 10 API hits in last 72 hours - filters: - - type: metric - metric: ServiceApiHit - aggregation: total - op: lt - threshold: 10 - timeframe: 72 - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-low-utilized-azure-sqlserver -**Description:** Delete SQL servers with less than 10% average DTU consumption over last 72 hours. 
- -**Policy Used:** -```yaml -policies: - - name: delete-low-utilized-azure-sqlserver - resource: azure.sqlserver - description: | - Delete SQL servers with less than 10% average DTU consumption over last 72 hours - filters: - - type: metric - metric: dtu_consumption_percent - aggregation: average - op: lt - threshold: 10 - timeframe: 72 - filter: "DatabaseResourceId eq '*'" - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-unattached-azure-publicip -**Description:** Delete public ip which are not attached to any network interface. - -**Policy Used:** -```yaml -policies: - - name: delete-unattached-azure-publicip - resource: azure.publicip - description: | - Delete public ip which are not attached to any network interface - filters: - - type: value - key: properties.ipConfiguration - value: null - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-low-utilized-azure-datalake -**Description:** Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours. 
- -**Policy Used:** -```yaml -policies: - - name: delete-low-utilized-azure-datalake - resource: azure.datalake - description: | - Delete all Datalake Stores with less than 1000 read requests or 1000 write requests in the last 72 hours - filters: - - or: - - type: metric - metric: ReadRequests - op: le - aggregation: total - threshold: 1000 - timeframe: 72 - - type: metric - metric: WriteRequests - op: le - aggregation: total - threshold: 100 - timeframe: 72 - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - ---- - -### Recommendation: delete-unused-azure-postgresql-server -**Description:** Delete PostgreSQL Servers that have had zero active connections in the last 72 hours. - -**Policy Used:** -```yaml -policies: - - name: delete-unused-azure-postgresql-server - resource: azure.postgresql-server - description: | - Delete PostgreSQL Servers that have had zero active connections in the last 72 hours - filters: - - type: metric - metric: active_connections - op: eq - threshold: 0 - timeframe: 72 - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. 
- ---- - -### Recommendation: delete-orphaned-azure-appserviceplan -**Description:** Delete orphaned(numberOfSites=0) application service plan - -**Policy Used:** -```yaml -policies: - - name: delete-orphaned-azure-appserviceplan - resource: azure.appserviceplan - description: | - Delete orphaned(numberOfSites=0) application service plan - filters: - - type: value - key: properties.numberOfSites - op: eq - value: 0 - actions: - - delete -``` - -**Savings Computed:** The recommendation identifies a list of resources; to calculate potential savings, the costs of all resources over the last 30 days are summed together and that is shown as the potential savings. - -**Permissions Required:** To execute the action section of the custodian policy, the Contributor Role is required, whereas the Reader Role suffices for generating recommendations. - -## Custom Policies - -1. Find SQL Databases with a monthly long term backup retention period more than one year -``` -policies: - - name: long-term-backup-retention - resource: azure.sqldatabase - filters: - - type: long-term-backup-retention - backup-type: monthly - op: gt - retention-period: 1 - retention-period-units: year -``` - -2. Filter to select all virtual machines that are not running: - -``` -policies: - - name: stopped-vm - resource: azure.vm - filters: - - type: instance-view - key: statuses[].code - op: not-in - value_type: swap - value: "PowerState/running" -``` - -3. Removes all empty resource groups from the subscription: - -``` -policies: - - name: rg-remove-empty - description: | - Removes any empty resource groups from subscription - resource: azure.resourcegroup - filters: - - type: empty-group - actions: - - type: delete - -``` - -4. Restricts access to storage accounts with specified ip rules to only the ips specified: -``` -policies: - - name: storage-block-public-access - description: | - Blocks public access to storage accounts with defined IP access rules. 
- resource: azure.storage - - filters: - - type: value - key: properties.networkAcls.ipRules - value_type: size - op: ne - value: 0 - - actions: - - type: set-firewall-rules - default-action: Deny - ip-rules: [] -``` - -5. Find all SQL databases with Premium SKU: - -``` -policies: - - name: sqldatabase-with-premium-sku - resource: azure.sqldatabase - filters: - - type: value - key: sku.tier - op: eq - value: Premium - -``` - diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/harness-concepts.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/harness-concepts.md deleted file mode 100644 index 9a70c12eb43..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/azure/harness-concepts.md +++ /dev/null 
@@ -1,279 +0,0 @@ ---- -title: Harness Concepts -description: This topic describes how to optimize cloud costs using asset governance. -# sidebar_position: 2 ---- - - -# Harness Concepts: Rules, Rule Sets, Enforcements and Evaluations to optimise cloud costs - -## Rules - -Rules help you set up Asset Governance for your cloud provider. A Rule is essentially a small file with a set of logic that you can run on your cloud infrastructure. For example, there might be a scenario in which you want to delete all low utilised load balancers where packet count is less than 1000 in last 72 hours on Azure. In such a case, we write and run a rule which does this for us. - -Ideally, rules include policy, resource, filters, and actions. - -- A **policy** is defined in YAML format and consists of filters and actions that are applied to a specific type of cloud resource. - -- A **resource** is the type of cloud resource or service on which the rule will be run with the actions and filters, such as Azure VMs, AKS, Cosmos DB, etc. - -- A **filter**, as the name suggests, is a criteria used to narrow down the results based on the attributes. These attributes can include anything such as tags, metadata, or any other resource property provided by you. When the filter is applied, only those resources that match the criteria specified in the filter are given as a result. - -- **Actions** are operations performed on the filtered resources. Actions include things like terminating an azure vm, deleting an azure storage-container, or sending an email notification. - - - -So essentially, **a Rule is a file that includes logic defined by a policy that performs certain actions on the resource based on the filters provided by the user**. Rules can include multiple policies, and policies include resource, filters and actions. - - - -:::important note -Number of Rules per Account[Custom + OOTB] can be 300. -::: - -### Create a new Rule - -1. In **Harness**, go to **Cloud Costs**. -2. 
Select **Asset Governance**. -3. Select **Rules**. -4. Select **+ New Rule**. - - - - -5. Enter a name for the rule. -6. Select the cloud provider. Also, enter Savings prediction in percentage (optional). This custom percentage will be honored during savings computation. -7. Optionally, enter a description of the rule. -8. Select **Apply**. -9. Enter the YAML policy in the rule editor. -10. Select **Save**. If the policy is invalid, an error message is displayed. - -10. Select the **Account** and the **Region** from the dropdown list in the Test Terminal. -11. Select **Dry Run** to view the instances or services that will be acted upon when you enforce the rule. -12. After evaluating the output, select **Run Once** to execute the rule. - - - -:::info -Harness provides some out-of-the-box policies for azure.vm, azure.disk, azure.cosmosdb, etc. that can be enforced. These policies cannot be edited but can be cloned. -::: -### Update a Rule - -You can view the Rules on the Asset Governance Rules page. You can click on Edit button from the vertical ellipsis menu (⋮) to edit a Rule or simply click on the Rule to open Rule editor and then make changes. - -### Delete a Rule - -To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Rules. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule) for more details. -::: - -## Rule Sets - -As mentioned previously, a Rule can have multiple policies. However, when there are multiple rules with multiple policies, it can become hard to manage them all together. This is where **Rule Sets** can be used. Rule sets serve as logical bindings on top of individual rules that help you organize and manage rules. By organizing rules into sets, organizations improve accessibility and simplify maintenance, as enforcements can be made against the entire rule set rather than individual rules. 
- - - - -### Create a new Rule Set - -To create a Rule Set, perform the following steps: - -1. In **Harness**, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Rules**. -4. Select the **Rule Sets** tab. -5. Select **+ New Rule Set**. -6. Enter a name for the rule set. -7. Optionally, enter a description of the rule set. -8. Select the cloud provider. -9. Select the rules that you want to add to the rule set. -10. Select **Create Rule Set**. -The rule set is created successfully. - - - - - - -11. You can view the rule set on the **Asset Governance Rules** page. Expand the rule set to view the individual rules in the rule set. -12. Select **Enforce Rule Set** in the Enforcements column to enforce this rule set. - -### Update a Rule Set - -You can view the Rule Set on the Asset Governance Rules page. Expand the rule set to view the individual rules in the rule set. You can click on Edit button from the vertical ellipsis menu (⋮) to edit the rule set. - -### Delete a Rule Set -To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). - - - - :::info -We now have Terraform support for managing Governance RuleSets. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_set) for more details. -::: - -## Enforcements - -:::info -Each enforcement can now have up to **10,000 evaluations**. The cap is calculated as `Rules × Accounts × Regions` and replaces the earlier individual limits on rules, rule sets, accounts, or regions. -::: - -Enforcements enable you to enforce a certain set of Rules or Rule Sets (also known as governance guardrails) against a specific set of targets (accounts, projects, or subscriptions) to run periodically. Sometimes, we need rules to run periodically, such as every day, week, or month. However, running these rules manually every day or week at a specified time creates extra overhead and is a slow process prone to manual errors. 
To solve this, Enforcements allow users to set up a timely schedule and choose the day, time, and frequency for their rules or rule sets. - -For example, a user can create an Enforcement to schedule the deletion of all unattached disks. This Enforcement will run on the **days specified by the user**, at the **specified time**, and with the **specified frequency (hourly, daily, monthly**). For instance, you could set it to run daily at 2:00 AM to ensure that any unattached disks meeting the criteria are removed. Alternatively, you might choose to run it hourly during peak usage times, or monthly for less critical cleanup tasks. - -While setting up a new Enforcement, you can select the following: -- **Cloud provider**: Currently we support AWS, Azure and GCP. -- **Rules/ Rule Sets**: You can select the Rules or Rule Sets that your Enforcement will consist of. -- **Target Accounts and Regions**: The target accounts and regions that you will be running the Enforcements on. -- **Frequency**: The frequency for running the Enforcement. Currently, it can be set for hourly, daily or weekly. -- **Time**: After setting the frequency, you can choose the time at which it runs. -- **Dry Run Mode**: You can choose to run your Enforcement in Dry Run mode which will generate a simulation of the rule enforcement instead of performing actions. - - - - -### Create a new Enforcement -To create an Enforcement, perform the following steps: - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Enforcements**. -4. Select **+ New Enforcement**. -5. Enter a name for the Enforcement. -6. Optionally, enter a description of the Enforcement. -7. Select the cloud provider. -8. Select the Rules or Rule Sets that you want to enforce. You can use the **Search** box if you have multiple rules and are looking to enforce a particular rule or rule set. -9. Select **Continue**. - - - - -10. Select the target accounts and target regions. 
You could select multiple accounts and regions. -11. Set the frequency from **Hourly**, **Daily**, or **Weekly** options. In case you select Daily or Weekly, specify the day, time, and time zone to run the rule on schedule. -12. Toggle the **Dry Run** mode if you do not want to take action immediately. -13. Select **Finish**. - - - -After setting up the schedule, you can view the Enforcement on the **Enforcements** page. - - - -Furthermore, you can disable the Enforcement at any time using the toggle button in the **Status** column. If you want to turn off the dry-run mode, select **Edit** from the vertical ellipsis menu (⋮) then go to "Target And Schedule", use slider to turn off "Enforce Rule(s) in Dry Run mode" and click on Finish. - -### Update an Enforcement - -You can view any Enforcements on Rule Enforcements page. Click on the enforcement to view details such as the rules, target accounts, and regions included in the enforcement. For updating, you can use the "Edit" button from the vertical ellipsis menu (⋮) to update the enforcements as per your convenience. - -### Delete an Enforcement - -To delete an enforcement, simply click on “Delete” from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Enforcements. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_enforcement) for more details. -::: - - -## Evaluations - -Evaluations include all the data about enforcements run (both RUN ONCE from rule editor and from Enforcement). The Evaluations window also shows you the total cost impact with each Enforcement i.e. the costs or spendings associated with each Evaluation along with the last time that Rule/Rule set was enforced. With Evaluations, you can view and audit all the Enforcements that ran in the past. - -Harness CCM also supports multiple statuses for evaluations. 
Currently CCM supports three statuses for an evaluation: - -- Success: If the evaluation is completed without any errors, the status of the evaluation is shown as "Successful". -- Failure: If the evaluation is not completed and has errors, the status of the evaluation is shown as "Failure". -- Partial Success: If the evaluation is successful without any Harness errors but Cloud Custodian has additional logs and/or in case of multi-policy evaluations, if the evaluation was successful only for a subset of resources, the status is shown as "Partial Success". - - - - -### View Evaluations - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Evaluations**. -4. You can see all the Evaluations of Rules listed on the window. -4. Select the rule for which you want to view the Evaluation details. The target subscription, region, identified resources and evaluation logs are displayed. - -In the output window, users can see the resources identified in form of a Table or JSON. The table view supports all the filters and flattening of the table is supported as well. That essentially means, nested propoerties are flattened. By default, nested objects and arrays are collapsed and can be expanded upto two levels. Further nested properties are shown as formatted JSON. - - - - -### Filters in Evaluations List Page - -You can create filters to view selected rules: - -1. Select the filter icon. -2. Enter a name. -3. Select who can edit and view the filter. -4. Select one or more of the following criteria to filter the results: - * Rules - * Rule Sets - * Enforcements - * Minimum Cost Impact ($) - * Cloud Provider - * Azure Filters - - Azure Subscription - - Target Regions - -5. Select **Apply**. - - - -:::important note -Number of evaluations for which we can compute cost impact is 1,50,000/ Day. 
-::: - -### Bulk Export Evaluations - -Use **Bulk Export** to download up to 100 evaluation results (AWS, GCP, or Azure) in a single ZIP file. Export is available when all selected evaluations are in a terminal state (Succeeded or Failed). - -**How to export** -1. Click **Export**. -2. Choose the artefacts to include: - - `metadata.json`: summary of each evaluation - - `resources.json`: resources identified - - `custodian-run.log`: execution log - - `actioned-resources.json`: resources acted on -3. Click **Generate Report**. - -The ZIP file is organised by evaluation ID (or by policy sub-folders for multi-policy runs) so you can quickly locate results. You can also export from the **Test Terminal** when evaluating multiple targets. - - - -## Testing Terminal - -In the rule editor, a test terminal is present for users to see the output in the terminal itself upon evaluating a Rule. This is done to ensure that users can run the rules and try accordingly to check how the output would look on the selected subscription and region. There are two options: first, to select the target subscription and second, to select the regions. After providing the relevant inputs, the users can select either to dry run the rule first, run it once or enforce the rule. - - - -After this, the resources identified are shown on the output terminal in JSON format. With this output, users can perform different actions like searching, downloading, filtering, sorting and picking. - - - -#### Searching in Output Terminal -After the output is rendered, users can search for any keywords in the output terminal. This streamlines troubleshooting and debugging processes and helps to efficiently locate required information amidst large volumes of output data. - -#### Zip Downloads -The JSON output can be downloaded in either JSON format or a CSV format(original or flatted) into a single zip archive. - -#### JSON Filtering -The output can be filtered based on the keys present in the JSON output. 
Currently, filtering on the basis of `==`, `!=`, `<`, `<=`, `>`, `>=` is supported in terms of numeric key values and if the key's value is a string, string matching using `LIKE` is supported. This feature enables users to extract specific fields, filter out irrelevant data, and perform relevant queries on JSON datasets. - -#### Sorting -The output can be sorted based on the keys present in the JSON output in either an `ASCENDING` or `DESCENDING` manner. - -#### Pick -If output needs to be streamlined and only a few keys-value pairs are required, 'Pick' functionality can be used. Using this, users can pick only the required keys and see the data associated with them in the output. - -:::info -If multiple Regions and/or multiple Subscriptions are selected, the Output Terminal will render the links to the Evaluations page for all the individual evaluations per Subscription-Region pair. From that page, upon clicking on individual evaluations, detailed output and logs can be seen. -::: - diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/_category_.json deleted file mode 100644 index 09ce4a04ffa..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/_category_.json +++ /dev/null @@ -1 +0,0 @@ -{"label": "Harness AIDA for asset governance", "collapsible": "true", "collapsed": "true", "className": "red", "link": {"type": "generated-index", "title": "Harness AIDA for asset governance"}, "customProps": {"position": "20", "helpdocs_category_id": "iul2qmg1yk"}} \ No newline at end of file diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/finops-agent.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/finops-agent.md deleted file mode 100644 index db54d703863..00000000000 
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/finops-agent.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Overview of FinOps Agent for Asset Governance -sidebar_label: FinOps Agent -description: This topic explains the FinOps Agent for cloud asset governance. -# sidebar_position: 1 ---- - -Harness CCM Asset Governance now comes with FinOps Agent - a smart AI agent that analyses account data to create enforcements which can then be edited, customised and applied by users as per their needs. This agent shows all the recommended enforcements and the rules associated with them in an effort to maximize cost savings. - -All Enforcements generated by the Agent are marked as "Draft Enforcements" and every draft enforcement can be edited by the user to customize them according to the user's needs. The user can accept the enforcement or choose to dismiss it. After accepting the draft enforcement, it will move to enforcements list. - -Here is a brief walkthrough: - -#### Interactive walkthrough for the same: - - diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-overview.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-overview.md deleted file mode 100644 index 79da7498b62..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-overview.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Overview of Harness AIDA for asset governance -sidebar_label: Overview -description: This topic explains the advantages of using Harness AIDA for cloud asset governance. -# sidebar_position: 1 ---- - - -import Intro from '/docs/cloud-cost-management/shared/ccm-aida-overview-partial.md'; - - - - - - - 
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-use.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-use.md
deleted file mode 100644
index 243a96df3e7..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/cag-aida/gen-ai-use.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-title: Use Harness AIDA to optimize cloud costs
-sidebar_label: Create rules with Harness AIDA
-description: This topic describes how to create rules and view rule descriptions by using Harness AI Development Assistant (AIDA).
-# sidebar_position: 1
----
-
-This topic explains how to create rules and view rule descriptions by using Harness AI Development Assistant (AIDA:tm:).
-
-You must [enable AIDA in your Harness account](/docs/platform/harness-aida/aida-overview#enable-aida) to access this functionality.
-
-## Create a rule by using Harness AIDA
-
-
-import Create from '/docs/cloud-cost-management/shared/ccm-aida-create-rule-partial.md';
-import View from '/docs/cloud-cost-management/shared/ccm-aida-view-rule-partial.md';
-
-
-
-
-## View rule description by using Harness AIDA
-
-
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/_category_.json b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/_category_.json
deleted file mode 100644
index 521b2ae40a0..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/_category_.json
+++ /dev/null
@@ -1 +0,0 @@
-{"label": "Governance for GCP", "collapsible": "true", "collapsed": "true", "className": "red", "link": {"type": "generated-index", "title": "Asset governance for GCP"}, "customProps": {"position": "20"}}
\ No newline at end of file
diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations.md
deleted file mode 100644
index 328573327fd..00000000000
--- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/gcp-recommendations.md
+++ /dev/null
@@ -1,707 +0,0 @@ ---- -title: GCP Recommendations -description: This topic describes how to optimize cloud costs using asset governance. -# sidebar_position: 2 ---- - -Recommendations help kickstart your journey with governance. Essentially, Harness runs certain policies behind the scenes to generate recommendations for your governance-enabled GCP projects. These policies not only help to cut costs but also increase the efficiency of your system. On the Governance Overview page, Harness showcases recommendations that will benefit you to save costs on associated resources. You can click on any recommendation to view its details. - -:::tip Enable APIs -Before recommendations can run, make sure the required Google Cloud APIs are enabled for each project. See [Enable required Google Cloud APIs for Governance](/docs/cloud-cost-management/get-started/onboarding-guide/set-up-cost-visibility-for-gcp#enable-required-google-cloud-apis-for-governance). -::: - -## Governance Recommendation Insights - -Harness CCM now provides users the ability to monitor Governance Recommendations through the new Recommendations Insights tab in the Governance module. - -This enhancement offers clear visibility into the evaluation status of each rule and provides detailed insights about the cloud account (connector) and region involved in generating the recommendations. - -This tab is designed to streamline troubleshooting and improve visibility into why recommendations may fail, be ignored, or succeed, enabling users to take immediate corrective actions when necessary. - -#### How It Works: -- Status Tracking: Each Recommendation Rule's status is displayed in the Optimization tab. -- Cloud Connector (Project ID): The specific cloud account associated with the rule. -- Region: The region for which the rule is evaluated. - -#### Error Notifications: -If any connector and region combination encounters an issue, the system flags it with a Failed status. 
-The UI displays a detailed error message to assist in resolving the issue quickly. - -#### Status Breakdown: - -1. **Failed Status :** A failed status indicates one of the following scenarios: - -- Missing Permissions: The necessary permissions required for Harness to get or list resources are not provided. -- Harness Internal Error: A system-level issue occurred during processing. - -2. **Ignored Status :** An ignored status indicates one of the following scenarios: - -- No Cost Data Available: Billing connector setup at Harness is missing cost data for the target cloud account. -- Cost Threshold Not Met: Cost is less than $300 for the GCP project. -- Invalid Region: The regions found in cost data is not valid to run against Governance Rule. - -3. **Success Status :** A successful status indicates one of the following scenarios: - -- Recommendation Generated: The system successfully evaluated the rule and created a recommendation. -- No Resources in Evaluation: The rule was evaluated, but there were no resources found. -- Savings Below Threshold: A recommendation was generated, but the potential savings were calculated to be less than $10. - -## Recommendations - -### Granular Recommendations - -Cloud Asset Governance provides valuable recommendations, but when it comes to operationalizing them at scale, it might become challenging. Additionally, when using shared cloud accounts across teams, project-level recommendations might not work out. With Granular Recommendations, Governance recommendations will now be generated at the individual resource level, ensuring greater granularity and actionable insights for both custom and out-of-the-box (OOTB) recommendations. This enhancement simplifies implementation and tracking, allowing customers to take more effective action on governance recommendations at scale. 
- -#### Enabling Granular Recommendations - - - -Owing to this, now, while adding a recommendation to Ignore List, users have the option to specify the scope at which the users want to ignore the recommendation. -The scope can be either at: - -- Rule-level -- Rule-level + Project-level -- Rule-level + Project-level + Resource-level. - - - - - -### Recommendation: delete-idle-gcp-image -**Description:** Delete GCP recommended idle images - -**Policy Used:** -```yaml -policies: - - name: delete-idle-gcp-image - description: | - Delete GCP images which are not used to create a disk for at least 15 days and not used in any instance template. - These idle images are fetched from GCP recommender. - resource: gcp.image - filters: - - type: recommend - id: google.compute.image.IdleResourceRecommender - actions: - - type: delete -``` -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- Dry Run: `recommender.computeImageIdleResourceRecommendations.list` -- Run Once: - - `recommender.computeImageIdleResourceRecommendations.list` - - `compute.images.delete` - ---- - -### Recommendation: delete-never-attached-gcp-disk -**Description:** Delete GCP recommended idle persistent disks which were never attached to a VM and is blank - -**Policy Used:** -```yaml -policies: - - name: delete-never-attached-gcp-disk - description: | - Delete GCP disks which are created at least 15 days ago and never attached to a VM and is blank. - These idle disks are fetched from GCP recommender. - resource: gcp.disk - filters: - - type: recommend - id: google.compute.disk.IdleResourceRecommender - - type: value - key: lastAttachTimestamp - value: - op: eq - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- Dry Run: `recommender.computeDiskIdleResourceRecommendations.list` -- Run Once: - - `recommender.computeDiskIdleResourceRecommendations.list` - - `compute.disks.delete` - ---- - -### Recommendation: stop-forever-running-gcp-instance -**Description:** Stop the gcp instances that have an uptime greater than 30 days. - -**Policy Used:** -```yaml -policies: - - name: stop-forever-running-gcp-instance - description: | - Stop the gcp instances that have an uptime greater than 30 days. - resource: gcp.instance - filters: - - type: metrics - name: compute.googleapis.com/instance/uptime_total - aligner: ALIGN_NONE - value: 2592000 - op: greater-than - - type: value - key: status - value: "RUNNING" - op: eq - actions: - - type: stop -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- Dry Run: - - `compute.instances.list` - - `monitoring.timeSeries.list` - -- Run Once: - - `compute.instances.list` - - `monitoring.timeSeries.list` - - `compute.instances.stop` - ---- - -### Recommendation: delete-old-gcp-snapshot -**Description:** Delete gcp snapshots older than 14 days. - -**Policy Used:** -```yaml -policies: - - name: delete-old-gcp-snapshot - resource: gcp.snapshot - description: | - Delete gcp snapshots older than 14 days. - filters: - - type: value - key: creationTimestamp - op: greater-than - value_type: age - value: 14 - actions: - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `compute.snapshots.list` - -- Run Once: - - `compute.snapshots.list` - - `compute.snapshots.delete` - ---- - -### Recommendation: stop-underutilized-gcp-instance -**Description:** Stop underutilised instances with average CPU utilisation less than 5% in last 3 days. - -**Policy Used:** -```yaml -policies: - - name: stop-underutilized-gcp-instance - resource: gcp.instance - description: Stop underutilised instances with average CPU utilisation less than 5% in last 3 days - filters: - - type: metrics - name: compute.googleapis.com/instance/cpu/utilization - aligner: ALIGN_MEAN - days: 3 - value: 5 - op: less-than - - type: value - key: status - value: "RUNNING" - op: eq - actions: - - type: stop -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. - -**Permissions Required:** -- Dry Run: - - `compute.instances.list` - - `monitoring.timeSeries.list` - -- Run Once: - - `compute.instances.list` - - `monitoring.timeSeries.list` - - `compute.instances.stop` - ---- - - -### Recommendation: stop-underutilized-gcp-sql-instance -**Description:** Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days - -**Policy Used:** -```yaml -policies: - - name: stop-underutilized-gcp-sql-instance - resource: gcp.sql-instance - description: | - Stop underutilised sql instances with average CPU utilisation less than 5% in last 3 days - filters: - - type: metrics - name: cloudsql.googleapis.com/database/cpu/utilization - aligner: ALIGN_MEAN - days: 3 - value: 5 - op: less-than - actions: - - type: stop -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `cloudsql.instances.list` - - `monitoring.timeSeries.list` - -- Run Once: - - `cloudsql.instances.list` - - `monitoring.timeSeries.list` - - `cloudsql.instances.update` - ---- - -### Recommendation: snapshot-and-delete-unattached-gcp-disk -**Description:** Snapshot and delete GCP recommended idle persistent disks which are unattached - -**Policy Used:** -```yaml -policies: - - name: snapshot-and-delete-unattached-gcp-disk - description: | - Snapshot and delete GCP disks which are detached for at least 15 days. - These idle disks are fetched from GCP recommender. - resource: gcp.disk - filters: - - type: recommend - id: google.compute.disk.IdleResourceRecommender - - type: value - key: lastAttachTimestamp - value: - op: ne - actions: - - type: snapshot - name_format: "{disk[name]:.50}-{now:%Y-%m-%d}" - - type: delete - -``` - -**Savings Computed:** Savings are considered as 35% of the total cost. Implementing this recommendation would result in 35% to 92% reduction in the maintenance cost of that disk. Thus, we have considered the minimum savings achievable, which is 35%. 
Ref: https://cloud.google.com/compute/docs/viewing-and-applying-idle-resources-recommendations - -**Permissions Required:** -- Dry Run: - - `recommender.computeDiskIdleResourceRecommendations.list` - -- Run Once: - - `recommender.computeDiskIdleResourceRecommendations.list` - - `compute.disks.delete` - ---- - -### Recommendation: delete-idle-gcp-gke-cluster -**Description:** List GCP Idle GKE Clusters Recommendations - -**Policy Used:** -```yaml -policies: - - name: delete-idle-gcp-gke-cluster - description: | - List GCP Idle GKE Clusters Recommendations - resource: gcp.gke-cluster - filters: - - type: recommend - id: google.container.DiagnosisRecommender - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - -**Permissions Required:** -- Dry Run: - - `recommender.containerDiagnosisInsights.list` - - `container.clusters.list` - -- Run Once: - - `recommender.containerDiagnosisInsights.list` - - `container.clusters.list` - - `container.clusters.delete` - ---- -### Recommendation: list-cost-recommendations-gcp-cloud-run-service -**Description:** - -**Policy Used:** -```yaml -policies: - - name: list-cost-recommendations-gcp-cloud-run-service - resource: gcp.cloud-run-service - description: | - List Cloud Run CPU Allocation Recommendations - filters: - - type: recommend - id: google.run.service.CostRecommender -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `recommender.runServiceCostRecommendations.list` - - `run.services.list` - -- Run Once: - - `recommender.runServiceCostRecommendations.list` - - `run.services.list` - ---- -### Recommendation: list-unused-gcp-bq-dataset -**Description:** List BigQuery datasets that haven't been accessed in the last 7 days. - -**Policy Used:** -```yaml -policies: - - name: list-unused-gcp-bq-dataset - resource: gcp.bq-dataset - description: | - List BigQuery datasets that haven't been accessed in the last 7 days. - filters: - - type: value - key: lastModifiedTime - op: less-than - value_type: age - value: 7 -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days. - -**Permissions Required:** -- Dry Run: - - `bigquery.datasets.get` - -- Run Once: - - `bigquery.datasets.get` - ---- -### Recommendation: delete-unused-gcp-function -**Description:** Delete Cloud Functions that haven't been invoked in the last 7 days to reduce costs. - -**Policy Used:** -```yaml -policies: - - name: delete-unused-gcp-function - resource: gcp.function - description: > - Delete Cloud Functions that haven't been invoked in the last 7 days to - reduce costs. - filters: - - type: metrics - name: cloudfunctions.googleapis.com/function/execution_count - metric-key: resource.labels.function_name - days: 7 - value: 0 - op: eq - actions: - - type: delete -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `monitoring.timeSeries.list` - - `cloudfunctions.functions.list` - -- Run Once: - - `monitoring.timeSeries.list` - - `cloudfunctions.functions.list` - - `cloudfunctions.functions.delete` - ---- -### Recommendation: list-under-utilized-gcp-bucket -**Description:** List low utilized gcp buckets in last 7 days. - -**Policy Used:** -```yaml -policies: - - name: list-under-utilized-gcp-bucket - description: | - List low utilized gcp buckets in last 7 days. - resource: gcp.bucket - filters: - - type: metrics - name: storage.googleapis.com/network/sent_bytes_count - aligner: ALIGN_COUNT - days: 7 - value: 1024 - op: less-than - missing-value: 0 - - type: metrics - name: storage.googleapis.com/network/received_bytes_count - aligner: ALIGN_COUNT - days: 7 - value: 1024 - op: less-than - missing-value: 0 -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for last 30 days. - -**Permissions Required:** -- Dry Run: - - `monitoring.timeSeries.list` - - `storage.buckets.list` - -- Run Once: - - `monitoring.timeSeries.list` - - `storage.buckets.list` - ---- -### Recommendation: list-hanged-gcp-dataflow-job -**Description:** List Dataflow jobs that have been in an hanged state for more than 1 day. - -**Policy Used:** -```yaml -policies: - - name: list-hanged-gcp-dataflow-job - resource: gcp.dataflow-job - description: List Dataflow jobs that have been in an hanged state for more than 1 day. - filters: - - type: value - key: startTime - op: greater-than - value_type: age - value: 1 - - type: value - key: currentState - value: - - JOB_STATE_RUNNING - - JOB_STATE_DRAINING - - JOB_STATE_CANCELLING - -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `dataflow.jobs.list` - -- Run Once: - - `dataflow.jobs.list` - ---- -### Recommendation: delete-under-utilized-gcp-loadbalancer-address -**Description:** Delete all load balancers with low utilizations, where packet count is less than 1000 in the last 72 hours. - -**Policy Used:** -```yaml -policies: - - name: delete-under-utilized-gcp-loadbalancer-address - resource: gcp.loadbalancer-address - description: > - Delete all low utilized load balancers where packet count is less than - 1000 in last 72 hours - filters: - - type: metrics - name: compute.googleapis.com/instance/network/received_packets_count - metric-key: metric.labels.instance_name - aligner: ALIGN_COUNT - days: 3 - value: 1000 - op: le - actions: - - type: delete - -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up the cost of each resource for the last 30 days. - -**Permissions Required:** -- Dry Run: - - `monitoring.timeSeries.list` - - `compute.addresses.list` - -- Run Once: - - `monitoring.timeSeries.list` - - `compute.addresses.list` - - `compute.addresses.delete` - ---- -### Recommendation: list-under-utilized-gcp-redis -**Description:** List Redis instances with less than 5% CPU utilization over the last 7 days. - -**Policy Used:** -```yaml -policies: - - name: list-under-utilized-gcp-redis - resource: gcp.redis - description: List Redis instances with less than 5% CPU utilization in last 7 days - filters: - - type: metrics - name: redis.googleapis.com/stats/cpu_utilization - metric-key: resource.labels.instance_id - days: 7 - value: 0.05 - op: lte - -``` - -**Savings Computed:** The policy identifies a list of resources on which potential savings are calculated by summing up cost of each resource for the last 30 days. 
- -**Permissions Required:** -- Dry Run: - - `monitoring.timeSeries.list` - - `redis.instances.list` - -- Run Once: - - `monitoring.timeSeries.list` - - `redis.instances.list` - ---- - -## Custom Policies - -1. Check if an SSL Certificate is About to Expire: - -```yaml -policies: - - name: appengine-certificate-age - description: | - Check existing certificate - resource: gcp.app-engine-certificate - filters: - - type: value - key: expireTime - op: less-than - value_type: expiration - value: 60 - actions: - - type: notify - subject: Certificates expiring in 60 days - to: - - email@address - format: txt - transport: - type: pubsub - topic: projects/my-gcp-project/topics/my-topic -``` - -2. Delete Instance Templates with Wrong Settings: - -```yaml -vars: - # See https://cloud.google.com/compute/docs/machine-types - disallowed-machine-types: &disallowed-machine-types - - "f1-micro" - - "g1-small" - - "n1-highcpu-32" - - "n1-highcpu-64" - - "n1-highcpu-96" - -policies: - - name: gcp-instance-template-delete-disallowed-machine-types - resource: gcp.instance-template - filters: - - type: value - key: properties.machineType - op: in - value: *disallowed-machine-types - actions: - - type: delete -``` - -3. Notify if Logging is Disabled in DNS Policy: - -```yaml -policies: - - name: gcp-dns-policies-notify-if-logging-disabled - resource: gcp.dns-policy - filters: - - type: value - key: enableLogging - value: false - actions: - - type: notify - to: - - email@email - format: json - transport: - type: pubsub - topic: projects/cloud-custodian/topics/dns - -``` - -4. 
List Unsucessful Backups Older Than N Days: - -```yaml -policies: -- name: sql-backup-run - description: | - check basic work of Cloud SQL filter on backup runs: lists unsucessful backups older than 5 days - resource: gcp.sql-backup-run - filters: - - type: value - key: status - op: not-equal - value: SUCCESSFUL - - type: value - key: endTime - op: greater-than - value_type: age - value: 5 - actions: - - type: notify - to: - - email@address - # address doesnt matter - format: txt - transport: - type: pubsub - topic: projects/river-oxygen-233508/topics/first -``` - -5.Check for Hanged Job: - -```yaml -policies: - - name: gcp-dataflow-jobs-update - resource: gcp.dataflow-job - filters: - - type: value - key: startTime - op: greater-than - value_type: age - value: 1 - - type: value - key: currentState - value: [JOB_STATE_RUNNING, JOB_STATE_DRAINING, JOB_STATE_CANCELLING] - actions: - - type: notify - to: - - email@address - format: json - transport: - type: pubsub - topic: projects/cloud-custodian/topics/dataflow - -``` diff --git a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/harness-concepts.md b/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/harness-concepts.md deleted file mode 100644 index 829a413a0e6..00000000000 --- a/docs/cloud-cost-management/5-use-ccm-cost-governance/asset-governance/gcp/harness-concepts.md +++ /dev/null 
@@ -1,275 +0,0 @@ ---- -title: Harness Concepts -description: This topic describes how to optimize cloud costs using asset governance. -# sidebar_position: 2 ---- - - -# Harness Concepts: Rules, Rule Sets, Enforcements and Evaluations to optimise cloud costs - -## Rules - -Rules help you set up Asset Governance for your cloud provider. A Rule is essentially a small file with a set of logic that you can run on your cloud infrastructure. For example, there might be a scenario in which you want to delete all GCP snapshots older than 14 days. In such a case, we write and run a rule which does this for us. - -Ideally, rules include policy, resource, filters, and actions. - -- A **policy** is defined in YAML format and consists of filters and actions that are applied to a specific type of cloud resource. - -- A **resource** is a type of cloud resource or service on which the rule will be run with the actions and filters, such as GCP instance, snapshot, bucket, etc. - -- A **filter**, as the name suggests, is a criteria used to narrow down the results based on the attributes. These attributes can include anything such as tags, metadata, or any other resource property provided by you. When the filter is applied, only those resources that match the criteria specified in the filter are given as a result. - -- **Actions** are operations performed on the filtered resources. Actions include things like deleting unattached cloud routers, listing idle SQL instances, or deleting GCP snapshots. - - - -So essentially, **a Rule is a file that includes logic defined by a policy that performs certain actions on the resource based on the filters provided by the user**. Rules can include multiple policies, and policies include resource, filters and actions. - - - -:::important note -Number of Rules per Account[Custom + OOTB] can be 300. -::: - -### Create a new Rule - -1. In **Harness**, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Rules**. -4. 
Select **+ New Rule**. - - - - -5. Enter a name for the rule. -6. Select the cloud provider. Also, enter Savings prediction in percentage (optional). This custom percentage will be honored during savings computation. -7. Optionally, enter a description of the rule. -8. Select **Apply**. -9. Enter the YAML policy in the rule editor. -10. Select **Save**. If the policy is invalid, an error message is displayed. - -10. Select the **Project** from the dropdown list in the Test Terminal. -11. Select **Dry Run** to view the instances or services that will be acted upon when you enforce the rule. -12. After evaluating the output, select **Run Once** to execute the rule. - - - -:::info -Harness provides some out-of-the-box policies for gcp.bucket, gcp.image, gcp.instance, gcp.router, etc. that you can enforce. These policies can only be cloned, not edited. -::: - -### Update a Rule - -You can view the Rules on the Asset Governance Rules page. You can click on Edit button from the vertical ellipsis menu (⋮) to edit a Rule or simply click on the Rule to open Rule editor and then make changes. - -### Delete a Rule - -To delete a **Rule Set**, click **Delete** from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Rules. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule) for more details. -::: - - -## Rule Sets - -As mentioned earlier, a Rule can have multiple policies. However, when there are multiple rules with multiple policies, it can become hard to manage them all together. This is where **Rule Sets** can be used. Rule sets serve as logical bindings on top of individual rules that help you organize and manage rules. By organizing rules into sets, organizations improve accessibility and simplify maintenance, as enforcements can be made against the entire rule set rather than individual rules. 
- - - - -### Create a new Rule Set - -To create a Rule Set, perform the following steps: - -1. In **Harness**, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Rules**. -4. Select the **Rule Sets** tab. -5. Select **+ New Rule Set**. -6. Enter a name for the rule set. -7. Optionally, enter a description of the rule set. -8. Select the cloud provider. -9. Select the rules that you want to add to the rule set. -10. Select **Create Rule Set**. -The rule set is created successfully. - - - - - - -11. You can view the rule set on the **Asset Governance Rules** page. Expand the rule set to view the individual rules in the rule set. -12. Select **Enforce Rule Set** in the Enforcements column to enforce this rule set.any - -### Update a Rule Set - -You can view the Rule Set on the Asset Governance Rules page. Expand the rule set to view the individual rules in the rule set. You can click on Edit button from the vertical ellipsis menu (⋮) to edit the rule set. - -### Delete a Rule Set -To delete a Rule Set, click on Delete from the vertical ellipsis menu (⋮). - - - - :::info -We now have Terraform support for managing Governance RuleSets. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_set) for more details. -::: - - -## Enforcements - -:::info -Each enforcement can now have up to **10,000 evaluations**. The cap is calculated as `Rules × Accounts × Regions` and replaces the earlier individual limits on rules, rule sets, accounts, or regions. -::: - -Enforcements enable you to enforce a certain set of Rules or Rule Sets (also known as governance guardrails) against a specific set of targets (accounts, projects, or subscriptions) to run periodically. Sometimes, we need rules to run periodically, such as every day, week, or month. However, running these rules manually every day or week at a specified time creates extra overhead and is a slow process prone to manual errors. 
To solve this, you can use **Enforcements** that allow you to set up a timely schedule and choose the day, time, and frequency for their rules or rule sets. - -For example, a user can create an Enforcement to schedule the deletion of all GCP snapshots older than 14 days. This Enforcement will run on the **days specified by the user**, at the **specified time**, and with the **specified frequency (hourly, daily, monthly**). For instance, you could set it to run daily at 2:00 AM to ensure that any snapshots meeting the criteria are removed. Alternatively, you might choose to run it hourly during peak usage times, or monthly for less critical cleanup tasks. - -While setting up a new Enforcement, you can select the following: -- **Cloud provider**: Currently we support AWS, Azure and GCP. -- **Rules/ Rule Sets**: You can select the Rules or Rule Sets that your Enforcement will consist of. -- **Target Projects**: The target projects that you will be running the Enforcements on. -- **Frequency**: The frequency for running the Enforcement. Currently, it can be set for hourly, daily or weekly. -- **Time**: After setting the frequency, you can choose the time at which it runs. -- **Dry Run Mode**: You can choose to run your Enforcement in Dry Run mode which will generate a simulation of the rule enforcement instead of performing actions. - - - -### Create a new Enforcement -To create an Enforcement, perform the following steps: - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Enforcements**. -4. Select **+ New Enforcement**. -5. Enter a name for the Enforcement. -6. Optionally, enter a description of the Enforcement. -7. Select the cloud provider. -8. Select the Rules or Rule Sets that you want to enforce. You can use the **Search** box if you have multiple rules and are looking to enforce a particular rule or rule set. -9. Select **Continue**. - - - -10. Select the target accounts. 
You could select multiple accounts. -11. Set the frequency from **Hourly**, **Daily**, or **Weekly** options. In case you select Daily or Weekly, specify the day, time, and time zone to run the rule on schedule. -12. Toggle the **Dry Run** mode if you do not want to take action immediately. -13. Select **Finish**. - - - -After setting up the schedule, you can view the Enforcement on the **Enforcements** page. - - - -Furthermore, you can disable the Enforcement at any time using the toggle button in the **Status** column. If you want to turn off the dry-run mode, select **Edit** from the vertical ellipsis menu (⋮) then go to "Target And Schedule", use slider to turn off "Enforce Rule(s) in Dry Run mode" and click on Finish. - -### Update an Enforcement - -You can view any Enforcements on Rule Enforcements page. Click on the enforcement to view details such as the rules and target projects included in the enforcement. For updating, you can use the "Edit" button from the vertical ellipsis menu (⋮) to update the enforcements as per your convenience. - -### Delete an Enforcement - -To delete an enforcement, simply click on “Delete” from the vertical ellipsis menu (⋮). - - - -:::info -We now have Terraform support for managing Governance Enforcements. Please see [here](https://registry.terraform.io/providers/harness/harness/latest/docs/resources/governance_rule_enforcement) for more details. -::: - -## Evaluations - -Evaluations include all the data about enforcements run (both RUN ONCE from rule editor and from Enforcement). The Evaluations window also shows you the total cost impact with each Enforcement i.e. the costs or spendings associated with each Evaluation along with the last time that Rule/Rule set was enforced. With Evaluations, you can view and audit all the Enforcements that ran in the past. - - -Harness CCM also supports multiple statuses for evaluations. 
Currently CCM supports three statuses for an evaluation: - -- Success: If the evaluation is completed without any errors, the status of the evaluation is shown as "Successful". -- Failure: If the evaluation is not completed and has errors, the status of the evaluation is shown as "Failure". -- Partial Success: If the evaluation is successful without any Harness errors but Cloud Custodian has additional logs and/or in case of multi-policy evaluations, if the evaluation was successful only for a subset of resources, the status is shown as "Partial Success". - - - - - -### View Evaluations - -1. In your **Harness** application, go to **Cloud Costs**. -2. Select **Asset Governance**. -3. Select **Evaluations**. -4. You can see all the Evaluations of Rules listed on the window. -4. Select the rule for which you want to view the Evaluation details. The target project, identified resources and evaluation logs are displayed. - - - - -### Filters in Evaluations List Page - -You can create filters to view selected rules: - -1. Select the filter icon. -2. Enter a name. -3. Select who can edit and view the filter. -4. Select one or more of the following criteria to filter the results: - * Rules - * Rule Sets - * Enforcements - * Minimum Cost Impact ($) - * Cloud Provider - * GCP Filters - - GCP Project - -5. Select **Apply**. - - - -:::important note -Number of evaluations for which we can compute cost impact is 1,50,000/ Day. -::: - -### Bulk Export Evaluations - -Use **Bulk Export** to download up to 100 evaluation results (AWS, GCP, or Azure) in a single ZIP file. Export is available when all selected evaluations are in a terminal state (Succeeded or Failed). - -**How to export** -1. Click **Export**. -2. Choose the artefacts to include: - - `metadata.json`: summary of each evaluation - - `resources.json`: resources identified - - `custodian-run.log`: execution log - - `actioned-resources.json`: resources acted on -3. Click **Generate Report**. 
- -The ZIP file is organised by evaluation ID (or by policy sub-folders for multi-policy runs) so you can quickly locate results. You can also export from the **Test Terminal** when evaluating multiple targets. - - - - -## Testing Terminal - -In the rule editor, a test terminal is present for users to see the output in the terminal itself upon evaluating a Rule. This is done to ensure that users can run the rules and try accordingly to check how the output would look on the selected project. After providing the relevant input, the users can select either to dry run the rule first, run it once or enforce the rule. - - - -After this, the resources identified are shown on the output terminal in JSON format. With this output, users can perform different actions like searching, downloading, filtering, sorting and picking. - - - -#### Searching in Output Terminal -After the output is rendered, users can search for any keywords in the output terminal. This streamlines troubleshooting and debugging processes and helps to efficiently locate required information amidst large volumes of output data. - -#### Zip Downloads -The JSON output can be downloaded in either JSON format or a CSV format(original or flatted) into a single zip archive. - -#### JSON Filtering -The output can be filtered based on the keys present in the JSON output. Currently, filtering on the basis of `==`, `!=`, `<`, `<=`, `>`, `>=` is supported in terms of numeric key values and if the key's value is a string, string matching using `LIKE` is supported. This feature enables users to extract specific fields, filter out irrelevant data, and perform relevant queries on JSON datasets. - -#### Sorting -The output can be sorted based on the keys present in the JSON output in either an `ASCENDING` or `DESCENDING` manner. - -#### Pick -If output needs to be streamlined and only a few keys-value pairs are required, 'Pick' functionality can be used. 
Using this, users can pick only the required keys and see the data associated with them in the output. - diff --git a/sidebars.ts b/sidebars.ts index 8378634448c..b658a1ff00b 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -1676,7 +1676,20 @@ const sidebars: SidebarsConfig = { }, { type: "category", + + label: "Asset Governance - New", + link: { + type: "generated-index", + }, + collapsed: true, + items: [ { type: "autogenerated", dirName: "cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new", } ], + }, + { + type: "category", + label: "Anomalies", + label: "Features of Database DevOps", + link: { type: "generated-index", slug:"/category/features-of-database-devops" @@ -1870,9 +1883,37 @@ const sidebars: SidebarsConfig = { }, ], }, + { + type: 'category', + label: 'Asset Governance - Option One', + link: { + type: 'generated-index', + }, + collapsed: true, + items: [ + { + type: 'autogenerated', + dirName: 'cloud-cost-management/5-use-ccm-cost-governance/asset-governance-new', + }, + ], + }, + { + type: 'category', + label: 'Asset Governance - Option Two', + link: { + type: 'generated-index', + }, + collapsed: true, + items: [ + { + type: 'autogenerated', + dirName: 'cloud-cost-management/5-use-ccm-cost-governance/asset-governance-option-two', + }, + ], + }, { type: 'html', - value: ' Cost Governance ', + value: 'Cost Governance', className: 'horizontal-bar', }, { @@ -2030,13 +2071,13 @@ const sidebars: SidebarsConfig = { collapsed: true, items: [ { - type: "html", - value: "New to STO?", - className: "horizontal-bar", + type: 'html', + value: 'New to STO?', + className: 'horizontal-bar', }, { type: 'category', - label: 'What`s Supported', + label: 'What\'s Supported', link: { type: 'generated-index', slug: '/category/sto-whats-supported', 
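Review bot: The second object added in the hunk at old line 1676 carries two `label` keys in a row, `label: "Anomalies",` followed by `label: "Features of Database DevOps",`. The later value overrides the earlier one at runtime and the TypeScript compiler reports duplicate property names in an object literal, so the `label: "Anomalies",` line looks like a leftover and should be removed. The category added just before it, `label: "Asset Governance - New"`, points at a `cloud-cost-management/...` directory but appears to sit beside the Database DevOps entry, so it may have been pasted into the wrong sidebar; please confirm the intended location. The same `dirName`, `.../asset-governance-new`, is used again by "Asset Governance - Option One" in the hunk at old line 1870, so if both entries stay the same generated pages would be listed under two categories. The enclosing `sidebars` object starts and ends outside the hunk, and the hunk is collapsed onto one line here, so the exact line boundaries are inferred.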
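Review bot: The two categories added in the hunk at old line 1870 use `link: { type: 'generated-index' }` without a `slug`, while the other generated-index links visible in this file pin one (for example `slug: '/category/sto-whats-supported'`). Without it, Docusaurus presumably derives the category URL from the label, and "Asset Governance - Option One" / "Option Two" read as working titles, so a later rename would also change the published URL. I would settle the final labels before merging and add an explicit slug to each, e.g. `slug: '/category/<final-name>',` inside `link`. The enclosing `items` array starts and ends outside the hunk.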
@@ -2059,9 +2100,9 @@ const sidebars: SidebarsConfig = {
 ],
 },
 {
- type: "html",
- value: "Use STO",
- className: "horizontal-bar",
+ type: 'html',
+ value: 'Use STO',
+ className: 'horizontal-bar',
 },
 {
 type: 'category',