How it Works

dragondrop.cloud is a management platform for the open source cloud-concierge container. It supports managing and running cloud-concierge at scale, as well as visualizing the state of your cloud across time and cloud-concierge configurations.

Watch our Video Demo

Or read more on this page!

Sign-Up & Create a Job

Create a cloud-concierge managed instance (Job) within dragondrop using the web application.

Creating a Job with dragondrop.cloud

Create Serverless Container Compute in Your Cloud

Create a serverless compute instance in your cloud that is HTTP triggerable, and import our publicly available container. We provide Terraform modules that create the needed compute in minutes.

Configure Your Job With Environment Variables

Because no information about your cloud posture ever touches dragondrop servers, credentials by cloud division are specified for each Job as environment variables within a public cloud secrets manager. All public cloud permissions should be read-only.

Client-side environment variable validation.

Client-side environment variable validation makes setting up your env variables as quick and easy as possible.

Terraform resource configuration.

Get Suggestions in Your Version Control System (VCS)

Receive the following in a pull request within your VCS: 1) Uncontrolled cloud resources codified as Terraform along with needed import migration statements. 2) Identification of drifted cloud resources. 3) Identification of the users and service accounts changing your cloud outside of the Terraform workflow. 4) A “State of Cloud” report output via a Pull request comment that summarizes the results of the Job run which includes cost estimations and security scans for your cloud subset.

Run Imports Programmatically within Your Existing CI/CD Pipeline

Programmatically “plan” and “apply” import statements generated by cloud-concierge within your existing CI/CD GitHub Actions pipelines. If running Terraform > 1.5, simply run within your existing Terraform workflow.

Terraform import migration import statements.
Surface Cloud Actors

Identify the Root Causes of Drift with Cloud Actor Identification

Each job outputs a “State of Cloud” report which, in addition to high-level summary of the changes identified, surfaces the user accounts and cloud actors responsible for creating and modifying cloud resources outside of your Terraform workflow.

See what uncontrolled resources are costing you

cloud-concierge outputs cloud cost summary so you can quickly see the monthly cost of uncontrolled resources. For individual resources, cloud-concierge provides information on the levers driving overall resource cost.

Monthly cost estimation.

Frequently Asked Questions

What Public Clouds Do You Support?

We currently support AWS, Azure and GCP.

What Terraform State Backends Do You Support?

dragondrop currently integrates with S3, azurerm, gcs, and Terraform Cloud as remote state backends.

Does cloud-concierge Make Changes to My Cloud?

No. The cloud-concierge container should only be granted read-only access to public clouds. All suggested resources-to-import from cloud-concierge must be first approved by authorized developers within your VCS and are only for migrating existing resources to Terraform control. dragondrop’s CI/CD process fails if any Terraform changes are detected other than a direct import of already existing resources.

What VCSs Do You Support?

We currently support GitHub. Support is planned for GitLab and BitBucket by the end of 2023.

What CI/CD platforms are Supported?

dragondrop currently supports GitHub Actions.

How Is My Cloud Kept Secure?

cloud-concierge runs hosted within your cloud, and with all recommendations placed directly into your VCS. Audits of the cloud-concierge container are easy – it is fully open sourced.

Ready To Get Started?