Resource Management¶
Visibility, control, and bulk actions across all cloud resources -- filtered by service and region.
Overview¶
RosettaOps gives managers and users direct visibility into cloud provider resources and the ability to act on them in bulk. Unlike native cloud consoles -- where you must navigate region by region and service by service -- RosettaOps aggregates resources across all regions and services into a single view and lets you stop, terminate, or clean up resources with precise filtering.
Resource Visibility¶
RosettaOps provides two levels of resource visibility:
| Level | What You See |
|---|---|
| User view | All your resources combined across all regions and cloud providers, with hourly cost estimates per resource |
| Manager view | All resources across all sub-accounts under your root cloud account, aggregated by user, project, and sub-organization |
Native Cloud Views¶
Native Cloud views show resources as they exist in the cloud provider, complementing the MetaCloud's abstracted view:
| View | Description |
|---|---|
| Resources | Resource inventory across all services and regions |
| Native Machines | Running instances as seen by the cloud provider |
| Native Clusters | Container and compute clusters (ECS, EKS, Kubernetes, Hadoop, Spark) |
| Native Images | Machine images in the cloud provider |
| Native Object Storages | Object storage buckets in the cloud provider |
| Native IAM Users | IAM users configured in the cloud account |
| Native IAM Roles | IAM roles configured in the cloud account |
These views are valuable for auditing, troubleshooting, and reconciling the MetaCloud's managed artifacts with the actual cloud provider state.
Bulk Resource Actions¶
RosettaOps provides three bulk actions that can be executed on one or more cloud accounts simultaneously. Each action can be filtered by service and region, giving managers precise control over what gets affected.
| Action | Description | Reversible |
|---|---|---|
| Stop All | Stop all compute, ML, and database instances. Instances that cannot be stopped are terminated after snapshot. | |
| Terminate All | Terminate all compute, ML, database instances, and clusters (Kubernetes, ECS, Hadoop, Spark) | |
| Cleanup All | Remove everything from the cloud account -- instances, storage, networking, and all other resources |
Destructive Actions
Terminate All and Cleanup All are irreversible. All data and resources within the selected services and regions will be permanently deleted.
Service and Region Filtering¶
Each bulk action presents a filtering interface with two tabs:
| Filter | What It Controls |
|---|---|
| Services | Select which cloud services to include (e.g., EC2, RDS, SageMaker, S3, EKS). Only resources belonging to checked services are affected. |
| Regions | Select which cloud regions to include (e.g., us-east-1, eu-west-1). Only resources in checked regions are affected. |
The available services differ by action type -- Stop All shows services whose resources can be stopped, Terminate All shows services whose resources can be terminated, and Cleanup All shows all services.
Targeted cleanup
Combine service and region filters to perform surgical actions. For example, stop only GPU instances in us-east-1 by selecting only the compute service and a single region, or terminate all Hadoop clusters across all regions while leaving other resources untouched.
Common Workflows¶
End-of-day cost savings:
- Select cloud accounts for a team or sub-organization
- Execute Stop All filtered to compute services only
- Storage and networking remain intact; instances resume the next morning
Budget depletion response:
- Account reaches budget ceiling and is automatically disabled
- Manager executes Stop All to halt spending on running resources
- Budget is transferred to re-enable the account
- User resumes work on stopped instances
Account reassignment (pool accounts):
- Execute Cleanup All with no filters (all services, all regions)
- Reset credentials and emails
- Account is ready for the next user
Compliance remediation:
- Compliance scan flags non-compliant resources in a specific region
- Execute Terminate All filtered to that region and service
- User re-provisions compliant resources
Resource Safeguards¶
RosettaOps includes automated safeguards that protect cloud accounts without manual intervention:
| Feature | Description |
|---|---|
| Auto-stop idle instances | Idle compute instances are automatically stopped after a configurable timeout |
| Spot instance safeguarding | Spot instances are managed with automatic interruption handling and data preservation |
| Spot usage restrictions | Administrators can restrict or control spot instance usage per user or organization |
| Instance count limits | Maximum number of compute instances can be enforced per cloud account |
| Storage size limits | Quotas can be enforced on object, file, block storage, and snapshots |
Detach and Cleanup¶
The Detach and Cleanup action goes beyond resource cleanup -- it cleans the cloud account and returns it to the account pool for reassignment. This is a SUPERUSER-level action used when an account is no longer needed by its current owner.
Permissions¶
Bulk resource actions require management roles on the cloud account:
| Action | Minimum Role |
|---|---|
| Stop All | CPOC |
| Terminate All | CPOC |
| Cleanup All | CPOC |
| Detach and Cleanup | SUPERUSER |
Related Topics¶
- Cloud Operations Overview -- The governance layer of the Supercloud
- Managing Cloud Accounts -- Budget actions, access controls, and account lifecycle
- Cost Management -- Real-time cost tracking and budget enforcement
- Compliance Scanning -- Detect and remediate non-compliant resources