Cloud costs
September 7, 2023
min read

Harness Cloud Asset Governance powered by AIDA™: The Path to a Well Managed Cloud


We've all gotten busy and let our refrigerators get a bit messy over time with forgotten and expired food which takes up space, wastes money, and could lead to health risks. And that’s with only one or two people using it. Imagine how bad the problem would be with dozens of people sharing it, losing track of what is theirs, and no one taking responsibility to clean out the science experiments hatching there. Scary right?

But that is exactly what happens in your cloud environment. The ability to self provision infrastructure leads to great agility in development, at the cost of keeping everything neat and orderly. Overtime, without someone chartered to take charge of the mess, your cloud becomes cluttered with unused resources, inefficient deployments and compliance and security issues, which together waste a large part of the $490 billion cloud computing market spend.

Wasted spend means lost opportunities for innovation. In the current economy, efficiency is paramount as tightening budgets force teams to take a hard look at their cloud efficiency. Trying to manage your cloud assets by relying on ad-hoc scripting and manual processes leads to a massive overhead for developers, and lacks centralized reporting on the how well your cloud is being managed. 

You need a better alternative, one that automates the governance of your cloud assets, while also giving your teams strong visibility into their cloud spend and efficiency.

Introducing Harness Cloud Asset Governance

Harness Cloud Asset Governance helps customers find and eliminate cloud waste automatically, while also providing a policy engine to ensure cloud resources are in compliance with corporate standards. By leveraging policy-as-code, it automates resource optimization, security, and compliance tasks, freeing your engineers to focus on creating innovative products and services that drive your revenue.

Harness Cloud Asset Governance is built on top of the popular open source software Cloud Custodian, designed to streamline cloud asset management and governance across your multi-cloud environments. It’s a widely used open-source tool backed by CNCF, that enables users to modernize cloud governance with a governance-as-code approach that simplifies and automates setting up the guardrails needed to proactively manage your cloud assets.

However, using Cloud Custodian at scale comes with challenges:

  • No GUI: It’s a CLI driven tool only, requiring knowledge of how to create and edit YAML files in the correct syntax.
  • No Reporting: Without a GUI, there’s not way to provide for centralized visibility of rules and enforcement across stakeholders
  • No Security/Governance: There is no ability to apply RBAC, or have audit trails for changes made. 
  • Operational Overhead: As with any open source tool, it requires ongoing maintenance, high management overhead, and needs dedicated infrastructure provisioned
  • No Generative AI: No ability to provide guidance on rules, or smart policy authoring that allows user to create rules using natural language

Harness Cloud Asset Governance leverages all of the goodness of Cloud Custodian, such as its comprehensive coverage of governance policy support across cloud providers, while eliminating all the major pain points of self-hosting Cloud Custodian. Harness provides a rich set of preconfigured governance-as-code rules that make it easy to implement out of the box, as well as introducing AI Development Assistant (AIDA™) to power Cloud Asset Governance with a natural language interface that eliminates the need to understand YAML syntax to author policies.

Comprehensive Cloud Resource Coverage

Harness Cloud Asset Governance: Comprehensive Cloud Coverage
Harness Cloud Asset Governance: Comprehensive Cloud Coverage

Since we built Cloud Asset Governance on top of the open source Cloud Custodian, we can take advantage of all of the comprehensive coverage that currently exists, and new coverage as it’s created. That allows us to support all major cloud assets, across all major cloud cloud providers. Support for AWS is already generally available, and we’ve just launched the Azure beta availability, with GCP soon to follow. 

Harness also offers a wide range of policies which are available out of the box, which you can leverage on day 0 to optimize your cloud resources and setup guardrails against future wastage.

AWS Resource Coverage (Comprehensive list)

  • EC2 instances
  • S3 buckets
  • Lambda functions
  • RDS (Relational Database Service) instances
  • CloudFormation stacks

Azure Resource Coverage (Comprehensive list)

  • Virtual Machines (VMs)
  • Storage accounts
  • App services
  • Cosmos DB accounts
  • Key Vaults

GCP Resource Coverage (Comprehensive list)

  • Compute Engine instances
  • Cloud Storage buckets
  • App Engine applications
  • Cloud SQL instances
  • Cloud IAM policies

Our customers have seen immediate results from their use of Cloud Asset Governance. Jay Patel, Head of DevOps at Advanced, had this to say about it:

"Given the pressing need for fiscal prudence in today's economic environment, streamlining the management of our cloud expenditures through automated cost governance is pivotal, especially when cloud resources can easily be over-provisioned or go unused. In our initial implementation of Harness Cloud Asset Governance, we've run over 175,000 policy evaluations, showing a potential of $252,000 in annual cost savings recommendations. We see immense promise in its ability to help us maintain strong governance over our cloud spend."

How Does Harness Cloud Asset Governance Work?

The possible combinations of governance-as-code rules that you can implement is nearly endless. You can keep it simple, and just look for orphaned, unused and idle resources, and shut them down. You can focus on governance and compliance, and write rules to enforce data retention policies, or ensure new assets are properly tagged. Or, you could focus on right-sizing assets such as compute, database or storage, as in the example below. 

For some companies, data storage costs can be a significant portion of their cloud bill, especially if engineers overestimate the I/O speeds they require for their applications. Let’s take Elastic Block Storage (EBS) volumes as an example. As new generations of SSDs are introduced, they become faster and less expensive than previous generations, and AWS passes these benefits to their customers with new EBS volume types. 

EBS gp3 volumes are up to 20% less expensive than the older gp2 volume type, while also allowing independent provisioning of volume size, IOPS, and throughput. It’s almost a no brainer to upgrade to gp3 as they are cheaper and offer better throughput than gp2. 

But, how can you enforce this as a guardrail, and ensure existing and new volumes are all using less expensive, faster storage? With Harness Cloud Asset Governance, you can easily create a policy for this, but you won’t have to because this policy is available out-of-the-box. 

Example Cloud Asset Governance Policy

You simply need to pick the accounts & regions where you want to enforce the governance policy. Harness Cloud Asset Governance will automatically identify all the EBS gp2 volumes which can be auto upgraded to EBS gp3 and perform the upgrade. All with a single click!

Creating Cloud Asset Governance Rules

If your teams are like most engineering teams, they're going to be a bit hesitant to allow rules to be implemented without at least a little bit of oversite. At least at the start. That's why Harness Cloud Asset Governance includes a "Dry Run" feature that lets you see what the rule would do, without enforcing the actions. Harness Cloud Asset Governance also keeps comprehensive logs of the actions that have been taken, so your teams have an audit trail if questions arise.

Cloud Asset Governance Logs

You can also set up Enforcement rules which will periodically scan through your cloud asset inventory to enforce policies automatically over time to keep your cloud assets well managed. 

Cloud Asset Governance Rule Enforcement

Harness AIDA™ (AI Development Assistant)

Cloud Asset Governance policies play a crucial role in automatically governing cloud assets and proactively optimizing cloud costs. However, authoring these governance-as-code policies can be challenging and confusing, especially when trying to master the correct syntax for your needs. 

The Harness AI Development Assistant (AIDA™) was created to assist with understanding your existing policies, as well as creating new policies. Harness AIDA offers a user-friendly, natural language interface that serves as an excellent starting point for establishing the necessary policies for your cloud governance. 

When you need to create a new governance policy rule, all you need to do is type in what you need, using a sentence format, such as “find unused EBS volumes older than 90 days and delete them”, or using our example above “find all EBS gp2 volumes and upgrade them to EBS gp3”. Harness AIDA understands your requirements and generates customized policy rules to align with your needs. 

Cloud Asset Governance Rule Creation Using Harness AIDA

How do you know that Harness AIDA created a valid rule (or that you even asked for a valid action)? Harness Cloud Asset Governance can validate the rule for you, before you ever try to implement it.

What about if you have a rule that was pre-defined, but you don’t fully understand what it is going to do? Harness AIDA offers detailed descriptions of built-in rules and custom rules that others in the organization might have authored. This feature enables you to understand the purpose, scope, and implications of each rule, thereby facilitating informed decision-making during the policy enforcement process.

Understanding Cloud Asset Governance Rules Using Harness AIDA

With AI becoming a critical capability in so much of our daily lives, it’s no surprise that our customers are taking full advantage of Harness Cloud Asset Goveranance, powered by AIDA. Michal Malohlava, VP of Engineering at said: 

"With the rise in AI applications being run on our AI cloud, we looked for an automated solution built powered by AI to gain better control of our cloud cost management. Using Harness Cloud Asset Governance, we've transitioned to a FinOps-as-Code model, enforcing cost governance policies at scale, in real-time. We've uncovered over $35,000 per month in cost savings during our first 30 days of using the feature, and expect to continue to see more over time. We are excited about its capacity to refine our cost strategies as our business continues to grow."

What’s Next?

Transform your path to a well managed cloud with Governance-as-code and try Harness Cloud Asset Governance now to receive automatic recommendations that can save you money, improve compliance, and reduce security risks. Still want to learn more? Talk to a Harness sales specialist today to get a free demo.

Sign up now

Sign up for our free plan, start building and deploying with Harness, take your software delivery to the next level.

Get a demo

Sign up for a free 14 day trial and take your software development to the next level


Learn intelligent software delivery at your own pace. Step-by-step tutorials, videos, and reference docs to help you deliver customer happiness.

Case studies

Learn intelligent software delivery at your own pace. Step-by-step tutorials, videos, and reference docs to help you deliver customer happiness.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback?
Share your thoughts by creating a new topic in the Harness community forum.

Sign up for our monthly newsletter

Subscribe to our newsletter to receive the latest Harness content in your inbox every month.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cloud Cost Management