
Cloudon-One

Tailored AWS & GCP Infrastructure and DevSecOps Solutions

CloudOn Infrastructure Management Suite

A comprehensive suite of tools and configurations for managing multi-cloud infrastructure, with a focus on cost optimization, security, and automation.

📚 Repository Links

  • FinOps - Cost optimization and resource management tools
  • SecOps - Infrastructure validation and instant security checks
  • Multi-Cloud - Landing zone infrastructure for AWS and GCP
  • KubeLaunch - Comprehensive Kubernetes platform

🎯 Solutions Overview

The suite consists of four main components:

  1. FinOps & Cost Management

    • GCP Organization Recommender for cost optimization
    • AWS Resource Cleanup for unused resource management
    • Infrastructure cost tracking and analysis
  2. SecOps & Infra Pipelines

    • Automated validation and security checks
    • Cost impact analysis
    • Security scanning for containers, IAM, RDS, storage and more
  3. Multi-Cloud Landing Zone

    • AWS and GCP infrastructure management
    • Network architecture and security controls
    • Database and Kubernetes infrastructure
  4. Kubernetes Platform (KubeLaunch)

    • Complete platform infrastructure
    • Service mesh and observability
    • GitOps and automation tools

🏗️ Architecture Components

FinOps Tools

GCP Organization Recommender

  • Monitors GCP recommendations using Recommender API
  • Identifies idle resources and right-sizing opportunities
  • Delivers Slack notifications for cost optimization
  • Serverless implementation using Cloud Functions

AWS Resource Cleanup

  • Automated cleanup of unused AWS resources
  • Multi-region support
  • Email notifications via SES
  • Safety features including dry-run mode and tag-based preservation

Infrastructure Pipeline

  • Pre-Commit Phase

    • GitGuardian secrets scanning
    • Threat modelling
    • Code quality checks
  • Validation Phase

    • Terraform validation
    • TFSec security analysis
    • Infracost analysis
  • Security Scanning

    • Container security
    • Kubernetes security
    • Multi-cloud security controls

Landing Zone Structure

AWS Organization

  • Management OU
  • Network Account
  • Shared-Services Account
  • Security OU
  • Production/Development OUs

GCP Organization

  • Root
    • Admin
    • Shared Environment
    • Production
    • Development
    • Staging

Kubernetes Platform

  • Core Platform

    • Certificate management
    • DNS automation
    • Secrets management
    • Node provisioning
  • Service Mesh

    • Istio
    • Kong API Gateway
    • Jaeger tracing
  • Observability

    • Loki stack
    • Kubecost
    • Custom monitoring

🚀 Prerequisites

Required Tools

  • Terraform >= v1.5.0
  • Terragrunt >= v0.60.0
  • AWS CLI
  • GCP SDK
  • kubectl
  • Helm v3.x

Cloud Provider Setup

# AWS Setup
aws configure

# GCP Setup
gcloud auth application-default login

🔑 Security & Compliance

Multi-Cloud Security Controls

  • IAM and RBAC configurations
  • Network security and encryption
  • Audit logging and monitoring
  • Compliance frameworks support

Kubernetes Security

  • Private clusters
  • Network policies
  • Service mesh encryption
  • Secrets management with Vault

📊 Monitoring & Observability

  • Cost monitoring with Kubecost
  • Log aggregation using Loki
  • Distributed tracing with Jaeger
  • Infrastructure metrics and alerting

🔧 Maintenance

Regular Tasks

  1. Component version updates
  2. Resource utilization review
  3. Cost optimization checks
  4. Security patch management
  5. Backup procedures

State Management

# AWS State Backup
terragrunt state pull > backup.tfstate

# GCP State
# Managed in GCS buckets with regional distribution

📝 Contributing

  1. Fork the repository
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

🤝 Support

For support:

  • Open an issue in the repository
  • Contact cloud platform teams
  • Review documentation

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

Popular repositories

  1. FinOps-Guardian Public template

    AWS & GCP FinOps Tools

    Python 32 4

  2. git-security-scanner-public Public

    Git secrets and vulnerabilities scanner with rich reporting

    Python 3

  3. multi-cloud-runway Public template

    Ready-made "landing zone" solution that sets up multi-account cloud environments, complete with networking, IAM, security, and best-practice guardrails—powered by Terraform/Terragrunt.

    HCL 2

  4. secureops Public template

    A turnkey CI/CD pipeline that integrates pre-commit checks, security scanning, and infrastructure validation—ensuring your code is compliant and production-ready before it hits the main branch.

    Dockerfile 2

  5. k8s-platform-tools Public template

    Essential k8s platform tools and configuration examples

    HCL 1

  6. DevSecOps Public

    Forked from sottlmarek/DevSecOps

    Ultimate DevSecOps library

Repositories

Showing 10 of 19 repositories
  • openclaw-serverless Public

    GCP Cloud Run Multi-tenant Openclaw Agent

    HCL 0 MIT 0 0 0 Updated Mar 10, 2026
  • .github Public
    0 MIT 0 0 0 Updated Mar 10, 2026
  • gcp-lz Public

    A comprehensive, enterprise-grade Google Cloud Platform (GCP) landing zone designed for financial and healthcare organizations, providing secure, scalable, and compliant cloud infrastructure with strong network isolation, identity management, and regulatory compliance features.

    HCL 0 GPL-3.0 0 0 0 Updated Dec 13, 2025
  • git-security-scanner-public Public

    Git secrets and vulnerabilities scanner with rich reporting

    Python 3 MIT 0 0 0 Updated Nov 22, 2025
  • kubelaunch-essentials Public

    A preconfigured Kubernetes environment with Terragrunt-based automation, service mesh, and observability baked in—ready to deploy in minutes.

    HCL 0 MIT 0 0 0 Updated Oct 17, 2025
  • google-landing-zone Public

    Production-ready GCP Landing zone template tailored for fintech companies

    HCL 0 GPL-3.0 0 0 0 Updated Oct 7, 2025
  • multi-cloud-runway Public template

    Ready-made "landing zone" solution that sets up multi-account cloud environments, complete with networking, IAM, security, and best-practice guardrails—powered by Terraform/Terragrunt.

    HCL 2 MIT 0 0 0 Updated Oct 6, 2025
  • secureops Public template

    A turnkey CI/CD pipeline that integrates pre-commit checks, security scanning, and infrastructure validation—ensuring your code is compliant and production-ready before it hits the main branch.

    Dockerfile 2 MIT 0 0 0 Updated Oct 6, 2025
  • terraform-google-modules Public

    Production-ready terraform modules for GCP Infrastructure

    HCL 0 GPL-3.0 0 0 0 Updated Oct 6, 2025
  • FinOps-Guardian Public template

    AWS & GCP FinOps Tools

    Python 32 MIT 4 0 0 Updated Oct 3, 2025
