1. Assessment

  • Inventory Backup vaults and plans
  • Inventory recovery points and age/size distribution
  • User: Specify lifecycle scope and policy values
  • Verify vault KMS and access permissions

2. Configuration

  • Update lifecycle rules on targeted backup rules/vaults
  • Apply prepared KMS policy statements or grants when authorized

3. Validation

  • Confirm lifecycle settings applied to rules/vaults

Configure AWS Backup Lifecycle Rules

Overview

Configure lifecycle rules for AWS Backup to transition older recovery points to cold storage or delete them to control storage costs. The plan evaluates your existing backup vaults and backup plans (no new plans or resource assignments will be created), guides you through selecting targets and lifecycle values, verifies KMS and vault permissions, applies lifecycle and KMS changes where authorized, and validates that rules and recovery points reflect the intended lifecycle behavior. The process produces inventories, a Vault↔BackupPlan.Rule matrix, prepared KMS policy/grant payloads (where needed), and auditable change records and validation summaries.

Execution Details

Phase: Assessment

  • Inventory backup vaults and plans: enumerate vaults and backup plans with metadata (names, ARNs, account/region context, tags), encryption/KMS details (KeyId/ARN, AWS-managed vs CMK, alias), vaultLock/immutability settings, and backup-plan rules (schedule, targets, lifecycle, copy actions, selection scope). Produce a consolidated Vault ↔ BackupPlan.Rule matrix to support scoping changes.
  • Inventory recovery points and age/size distribution: list recovery points per vault/selection with size, storage class, encryption, creation/completion dates and status; aggregate into age buckets (0–30, 31–90, 91–365, >365 days), identify cold-storage items, largest and oldest recovery points, and flag immutability/legal-hold constraints. Produce candidate targets where lifecycle changes could meaningfully reduce costs with estimated freed size.
  • Collect user lifecycle policy preferences: guide the user to specify target scope (vaults, backup plans, rule IDs, or all), numeric lifecycle values (transitionToColdStorageAfterDays and deleteAfterDays or 'none'), whether changes apply retroactively or only to new recovery points, explicit allow/deny for transitions and deletions per target, scheduling/blackout windows, notification recipients, acceptance/rollback criteria, KMS authorization (whether the agent may update key policies/grants), and any explicit exclusions or compliance constraints.
  • Verify vault permissions and KMS alignment: for each target CMK capture a policy/grants summary and determine whether AWS Backup principals and the account backup role have required KMS permissions; identify missing permissions or vaults blocked by vaultLock/immutability and prepare exact policy statement(s) or grant parameters if changes are required.
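
The age/size bucketing and candidate selection from the assessment phase, as an added example (not part of the original plan). It assumes recovery points were already fetched as records with the field names AWS Backup returns; the sample records, vault names, the `locked_vaults` set and the proposed 90/365-day values are constructed for illustration.

```python
from datetime import datetime, timezone

# Age buckets named in the assessment step: (label, inclusive upper bound in days).
BUCKETS = [("0-30", 30), ("31-90", 90), ("91-365", 365), (">365", None)]

def bucket_for(age_days):
    return next(l for l, hi in BUCKETS if hi is None or age_days <= hi)

def assess(points, now, move_after, delete_after, locked_vaults=()):
    """Return (per-bucket summary, candidate list, estimated freed bytes)."""
    summary = {l: {"count": 0, "bytes": 0} for l, _ in BUCKETS}
    candidates, freed = [], 0
    for rp in points:
        if rp["Status"] != "COMPLETED":      # skip PARTIAL / EXPIRED / DELETING
            continue
        age = (now - rp["CreationDate"]).days
        size = rp.get("BackupSizeInBytes", 0)
        cell = summary[bucket_for(age)]
        cell["count"] += 1
        cell["bytes"] += size
        if delete_after is not None and age >= delete_after:
            action = "delete"
        elif move_after is not None and age >= move_after:
            action = "transition"
        else:
            continue
        # Points in a locked vault are flagged for review, not counted as savings.
        review = rp["BackupVaultName"] in locked_vaults
        if action == "delete" and not review:
            freed += size
        candidates.append({"arn": rp["RecoveryPointArn"], "age_days": age,
                           "action": action, "needs_review": review})
    return summary, candidates, freed

def _rp(name, vault, created, size, status="COMPLETED"):
    # Constructed sample record; the ARN is a placeholder, not a real resource.
    return {"RecoveryPointArn": f"arn:aws:backup:us-east-1:111122223333:recovery-point:{name}",
            "BackupVaultName": vault, "Status": status, "BackupSizeInBytes": size,
            "CreationDate": datetime(*created, tzinfo=timezone.utc)}

SAMPLE = [_rp("A", "prod-vault", (2024, 5, 20), 100),
          _rp("B", "prod-vault", (2024, 3, 15), 200),
          _rp("C", "prod-vault", (2023, 10, 1), 400),
          _rp("D", "locked-vault", (2022, 12, 1), 800),
          _rp("E", "prod-vault", (2023, 1, 1), 1600),
          _rp("F", "prod-vault", (2024, 5, 1), 50, status="PARTIAL")]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(*assess(SAMPLE, now, 90, 365, {"locked-vault"}), sep="\n")
```

The freed-size estimate counts deletions only, since a transition to cold storage moves data rather than removing it.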

Phase: Configuration

  • Apply lifecycle rules to targeted backup rules/vaults: for each specified target, set lifecycle values as provided by the user. If plan versioning exists, publish a new plan version and record the new version id. Record prior lifecycle objects for rollback/audit, confirm rule→vault mappings after changes, attempt retroactive updates to existing recovery points if supported (or document that changes only affect new recovery points), and log API responses (successes, warnings, errors) with timestamps and actor identity. Abort or isolate affected vaults when KMS or vaultLock errors occur unless explicit authorization is provided.
  • Update vault KMS permissions when authorized: prepare the exact policy statements or KMS grant parameters needed, apply key policy updates or create grants where the agent is authorized, and validate that AWS Backup principals can perform required cryptographic operations. For keys where authorization is not granted, provide the prepared payload and explicit instructions for the key owners to apply. Record before/after snapshots, grant ids, and full audit metadata.

Phase: Validation

  • Confirm lifecycle configuration applied: fetch modified backup plan versions and rules and verify lifecycle fields exactly match user-requested values, ensure each rule remains active and references the intended vault, record new version ids (if any), timestamps and actor identity, and store final lifecycle objects for audit.
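
One way to implement the validation comparison, as an added example (not part of the original plan). It checks requested values against AWS Backup's rule that DeleteAfterDays must be at least 90 days greater than MoveToColdStorageAfterDays, compares fetched rules with the request, and flags untargeted rules that changed. Keying rules by RuleName, the `requested` structure and the sample rules are assumptions constructed for illustration.

```python
COLD_MIN_DAYS = 90  # AWS Backup keeps a point in cold storage for at least 90 days
KEYS = ("MoveToColdStorageAfterDays", "DeleteAfterDays")

def check_requested(lifecycle):
    """Pre-apply check of requested values; a missing key means 'none'."""
    move, delete = (lifecycle.get(k) for k in KEYS)
    if move is not None and delete is not None and delete < move + COLD_MIN_DAYS:
        return [f"DeleteAfterDays must be >= MoveToColdStorageAfterDays + {COLD_MIN_DAYS}"]
    return []

def _fields(rule):
    # Reduce a rule to the two lifecycle fields being validated.
    lc = (rule or {}).get("Lifecycle") or {}
    return {k: lc.get(k) for k in KEYS}

def validate(before_rules, after_rules, requested):
    """requested maps RuleName -> {"vault": name, "lifecycle": {...}} (assumed shape)."""
    before = {r["RuleName"]: r for r in before_rules}
    after = {r["RuleName"]: r for r in after_rules}
    report = []
    for name in sorted(set(before) | set(requested)):
        got, want, problems = after.get(name), requested.get(name), []
        if got is None:
            problems.append("rule missing after change")
        elif want is None:
            if got != before[name]:
                problems.append("untargeted rule was modified")
        else:
            problems += check_requested(want["lifecycle"])
            if _fields(got) != _fields({"Lifecycle": want["lifecycle"]}):
                problems.append("lifecycle does not match requested values")
            if got["TargetBackupVaultName"] != want["vault"]:
                problems.append("rule points at a different vault")
        # Keep the previous lifecycle alongside the observed one for rollback/audit.
        report.append({"rule": name, "previous": _fields(before.get(name)),
                       "observed": _fields(got), "problems": problems})
    return report

def _rule(name, **lifecycle):  # constructed sample rule
    return {"RuleName": name, "TargetBackupVaultName": "prod-vault", "Lifecycle": lifecycle}

BEFORE = [_rule("daily", DeleteAfterDays=35), _rule("monthly", DeleteAfterDays=3650),
          _rule("weekly", DeleteAfterDays=90)]
AFTER = [_rule("daily", DeleteAfterDays=35),
         _rule("monthly", MoveToColdStorageAfterDays=30, DeleteAfterDays=365),
         _rule("weekly", DeleteAfterDays=30)]  # drift on a rule nobody targeted
REQUESTED = {"monthly": {"vault": "prod-vault", "lifecycle":
                         {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 365}}}

if __name__ == "__main__":
    for row in validate(BEFORE, AFTER, REQUESTED):
        print(row)
```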

Outputs & auditables you will get:

  • Full inventories (vaults, plans, rules, recovery points) and a consolidated Vault ↔ BackupPlan.Rule matrix.
  • Age/size bucket summaries and candidate targets with estimated savings.
  • User-provided lifecycle scope and policy values, schedule, notifications, and rollback criteria.
  • Prepared KMS policy/grant payloads and applied changes (where authorized) with before/after snapshots and grant ids.
  • Change records for each modified rule/plan (previous lifecycle object, new lifecycle, version ids), API response logs, timestamps, and actor identity.
  • A validation report showing applied settings and the observed or expected effects on recovery points, plus remediation actions for any failures.