Manage Empty AWS Network Firewall Stateless Rule Groups

Overview

Clean up unused AWS Network Firewall stateless rule groups by identifying those that contain no rules, deciding which should be deleted, and validating that only intentional exceptions remain. The plan walks through discovering all stateless rule groups across your chosen accounts and regions, guiding you through which empty groups to remove or retain, executing deletions where approved, and finally verifying and documenting the outcome for audit and future reference.
Execution Details

Assessment

This phase builds a clear inventory of stateless rule groups and highlights those that are empty:

  • List Network Firewall stateless rule groups and capture rule counts
    Enumerate Network Firewall rule groups across all in-scope accounts and regions, then narrow the working set to stateless rule groups only. For each group, capture key attributes such as name, ARN, ID, account, region, capacity, description, type, and any useful tags (for example Environment, Application, Owner, CostCenter). Inspect the rule group definition to determine how many stateless rules or entries it contains, and store all details in a structured dataset for analysis.

  • Identify stateless rule groups that contain no rules
    Analyze the collected inventory to find stateless rule groups with a recorded rule count of zero. Flag these as empty candidates and compile their metadata (name, ARN, ID, account, region, capacity, description, tags) into a consolidated list for decision-making. If no empty groups are found, record that outcome so no cleanup actions are performed unnecessarily.

  • User: Confirm deletion for each empty stateless rule group
    Present the list of empty stateless rule groups, including their metadata and tags, to help you understand their context and potential purpose. For each group, you decide whether it should be deleted or retained as an intentional exception (for example as a placeholder for future rules or due to policy). Your decisions, along with any justifications or notes, are captured in a structured decision record mapping each group to an action: “delete” or “retain as-is (exception).”
Configuration

This phase applies the decisions you made by deleting only the approved empty stateless rule groups:

  • Delete stateless rule groups confirmed as unused and left empty
    Use the decision record to determine which empty rule groups are approved for deletion. Before removing each one, recheck that it is still empty, in a valid state for deletion, and not referenced by any Network Firewall policies or firewalls. If a group is found to be in use or otherwise blocked from deletion, it is removed from the deletion set and flagged for follow-up. Perform deletions for all remaining approved groups, record any failures and their details, and then re-enumerate stateless rule groups in affected accounts and regions to confirm that the deleted groups no longer appear. Summarize all groups successfully deleted, as well as any that were retained or could not be removed, making clear that only user-approved empty groups were targeted.
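The two checks the Assessment and Configuration phases above rely on (counting rules per stateless group, and the empty / status / not-referenced pre-check before deleting) as an added Python example; this is not the plan's own tooling. It works on the shape of boto3's `DescribeRuleGroup` response so it runs offline on constructed sample responses; the account id, ARNs, names and tags are placeholders.

```python
# Added example (not the plan's own tooling); account id, ARNs and names are placeholders.
def stateless_rule_count(resp):
    """Number of stateless rules in a DescribeRuleGroup response (0 if none present)."""
    src = resp.get("RuleGroup", {}).get("RulesSource", {})
    return len(src.get("StatelessRulesAndCustomActions", {}).get("StatelessRules", []))

def find_empty_stateless_groups(responses):
    """Assessment: metadata for every STATELESS rule group whose rule count is zero."""
    empties = []
    for resp in responses:
        meta = resp["RuleGroupResponse"]
        if meta["Type"] == "STATELESS" and stateless_rule_count(resp) == 0:
            empties.append({"Name": meta["RuleGroupName"], "Arn": meta["RuleGroupArn"], "Capacity": meta.get("Capacity"),
                            "Tags": {t["Key"]: t["Value"] for t in meta.get("Tags", [])}})
    return empties

def deletion_blockers(resp):
    """Configuration pre-check: reasons to pull an approved group out of the delete set."""
    meta, reasons = resp["RuleGroupResponse"], []
    if stateless_rule_count(resp) != 0:
        reasons.append("no longer empty")
    if meta.get("RuleGroupStatus") != "ACTIVE":
        reasons.append("status is %s" % meta.get("RuleGroupStatus"))
    if meta.get("NumberOfAssociations", 0) > 0:  # still referenced by a firewall policy
        reasons.append("referenced by %d firewall policy(ies)" % meta["NumberOfAssociations"])
    return reasons

def plan_deletions(responses, decisions):
    """decisions maps ARN -> 'delete' | 'retain'; returns (ARNs to delete, {ARN: blockers})."""
    to_delete, flagged = [], {}
    for resp in responses:
        arn = resp["RuleGroupResponse"]["RuleGroupArn"]
        if decisions.get(arn) != "delete":
            continue  # retained exceptions and undecided groups are never touched
        blockers = deletion_blockers(resp)
        if blockers:
            flagged[arn] = blockers
        else:
            to_delete.append(arn)
    return to_delete, flagged

def sample_response(name, n_rules, associations, status="ACTIVE"):
    """Constructed DescribeRuleGroup response for the demo (placeholder account id and ARN)."""
    rules = [{"Priority": i + 1, "RuleDefinition": {}} for i in range(n_rules)]
    meta = {"RuleGroupArn": "arn:aws:network-firewall:us-east-1:111122223333:stateless-rulegroup/" + name,
            "RuleGroupName": name, "Type": "STATELESS", "Capacity": 10, "RuleGroupStatus": status,
            "NumberOfAssociations": associations, "Tags": [{"Key": "Owner", "Value": "netsec"}]}
    return {"RuleGroup": {"RulesSource": {"StatelessRulesAndCustomActions": {"StatelessRules": rules}}},
            "RuleGroupResponse": meta}
SAMPLE = [sample_response("empty-unused", 0, 0), sample_response("empty-attached", 0, 1),
          sample_response("in-use", 3, 2), sample_response("empty-placeholder", 0, 0)]
```

Live input for each in-scope account and region comes from `list_rule_groups(Type="STATELESS")` followed by `describe_rule_group(RuleGroupArn=..., Type="STATELESS")` on a boto3 `network-firewall` client; the ARNs in `to_delete` are the only ones passed to `delete_rule_group`, and a second describe pass afterwards is the re-enumeration the Validation phase calls for.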

Validation

This phase confirms the environment now reflects your intended state and documents it for audit:

  • Validate that empty stateless rule groups are deleted or explicitly retained as exceptions
    Retrieve the original list of empty stateless rule groups and the associated decision record. Re-enumerate stateless rule groups across all in-scope accounts and regions, then verify that each group marked for deletion has been removed. For groups intentionally retained as exceptions, confirm they still exist and remain empty. Document any discrepancies—such as a group that still exists despite being marked for deletion, or an exception group that unexpectedly has rules—and note required remediation actions. Produce a final validation report that summarizes how many empty stateless rule groups were deleted, how many were retained as exceptions, and any outstanding issues, and store this along with supporting data for future audit and follow-up.