An open source project turns 10 and finds itself tailor-made for the agentic AI era
Ten years ago, people were just getting comfortable with the cloud, never mind worrying about containing costs, but Capital One decided to open source an internal cost-control project based on policy as code. That project was Cloud Custodian. In April 2016 I wrote the story of that release for TechCrunch. A decade later, here I am covering the 10-year anniversary of the project.
As I wrote at the launch, "Capital One hopes Cloud Custodian takes off as an open-source project and develops a loyal following. The announcement today is the first step as it tries to build a community around the tool." It certainly did that and more, and Kapil Thangavelu, who was lead developer for the original project, is pumped that it has reached this landmark moment.
"Ten years is definitely a huge milestone. I'm super excited about it. I find that true survivability is looking forward to the next 10 years when there are other people that are managing the project, that it's truly independent, and that it survives [long-term]," Thangavelu told FastForward.
Cloud Custodian lets organizations define their cloud governance rules as code and then automatically enforces them. What's more, it's platform-agnostic, working across AWS, Azure, and Google Cloud. When Capital One first deployed it internally, the company reported a 25% reduction in AWS resource usage. That kind of automated cost control was way ahead of its time.
Thangavelu left Capital One, and worked briefly for AWS, before launching Stacklet in 2020 (which I also covered at TechCrunch) to be a commercial company built on top of the Cloud Custodian project. As I wrote, "While cloud administrators can download and figure out how to use the raw open source, Stacklet is attempting to make that easier by providing an administrative layer to manage usage across thousands of cloud accounts…"
The project is thriving
By any measure, the open source project has been a smashing success and continues to grow with over 500 million downloads since day one with over 500 unique contributors including many of the biggest companies in the world. Along with Capital One, other contributing companies include Intuit, JP Morgan Chase, Siemens, HBO Max, Ticketmaster, Eli Lilly, Boeing and many more (some of whom prefer not to be named publicly).
Recent advances in AI coding tools have been a double-edged sword for projects like Cloud Custodian. On one hand, it enables them to move faster and tick off additions that would have taken months previously, but the velocity is also a problem for maintainers, who have more code to process and review.
"Over the last like three months, we've definitely started to see more AI-generated pull requests drop, and to be honest most of them so far have actually been pretty reasonable. But the flip side is the maintainer time has become hugely critical," he said. He believes that open source maintainers need better tools to help them sort through all of this code, and we will see those developing over time.
Umair Khan, director of marketing at Stacklet, says that agentic AI also plays right into the same code concept, even though they couldn't have known that in 2016. "We're kind of made for this because this policy-as-code is the same language that humans understand, and now agents understand as well."
Looking ahead, Thangavelu hopes the project becomes increasingly independent and ultimately reaches “graduated” status inside the CNCF, the neutral foundation where Cloud Custodian now lives. Ten years in, both the project and the company built on top of it have come a long way, and as AI changes the infrastructure landscape, there is still plenty of room for both to grow.
