One policy and Lambda for policing multiple resources #10489
Unanswered
amckeown-blc
asked this question in
AWS
Replies: 0 comments
At the moment in 0.9.48 you can't do one policy and one Lambda to do the same check on multiple resources, for example, are there any resources which don't have any tags at all:

```yaml
resource: aws.resource
```

So if we want to check for untagged resources, say all ECS, Lambda, RDS, ECS, EC2, Redshift, we have to have separate Lambdas and policies for each resource type. The fix would search all resources in an AWS account for anything untagged, in one policy and one Lambda, instead of the below. Unless there is a way to do it?
```yaml
policies:
  - name: untagged-ebs
    resource: ebs
    filters:
      # Value filter: match resources whose Tags key is empty
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-nat
    resource: nat-gateway
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  # -------------------------
  # Storage and filesystem
  # -------------------------
  - name: untagged-efs
    resource: efs
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-s3
    resource: s3
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-firehose
    resource: firehose
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  # -------------------------
  # Databases and analytics
  # -------------------------
  - name: untagged-dynamodb
    resource: dynamodb-table
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-rds
    resource: rds
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-redshift
    resource: redshift
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  # -------------------------
  # Compute and networking
  # -------------------------
  - name: untagged-lambda
    resource: lambda
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-ecs
    resource: ecs
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines

  - name: untagged-classic-elb
    resource: elb
    filters:
      - type: value
        key: Tags
        value: empty
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::*:role/CloudCustodianRole
      timeout: 900
      execution-options:
        output_dir: s3://custodian-output-bucket-blc/
        output_format: jsonlines
```
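One way to avoid hand-maintaining the near-identical policies in the post, as an added example that is not part of the original post or the Cloud Custodian project: a Python script that expands a single template over the post's resource list. Each generated policy is still deployed as its own Lambda; the `RESOURCES` map, the function names, and the name-length check against Custodian's default `custodian-` function prefix are this example's own assumptions.

```python
import json

# Name suffix -> Custodian resource type, copied from the policies in the post.
RESOURCES = {
    "ebs": "ebs", "nat": "nat-gateway", "efs": "efs", "s3": "s3",
    "firehose": "firehose", "dynamodb": "dynamodb-table", "rds": "rds",
    "redshift": "redshift", "lambda": "lambda", "ecs": "ecs",
    "classic-elb": "elb",
}
ROLE = "arn:aws:iam::*:role/CloudCustodianRole"   # as written in the post
OUTPUT_DIR = "s3://custodian-output-bucket-blc/"  # as written in the post
FUNCTION_PREFIX = "custodian-"  # assumption: Custodian's default Lambda prefix
LAMBDA_NAME_MAX = 64            # AWS limit on Lambda function name length


def build_policy(suffix, resource, role=ROLE, output_dir=OUTPUT_DIR):
    """Return one periodic 'no tags' policy for a single resource type."""
    name = f"untagged-{suffix}"
    # Fail at generation time rather than at Lambda deployment time.
    if len(FUNCTION_PREFIX + name) > LAMBDA_NAME_MAX:
        raise ValueError(f"Lambda name for policy {name!r} is too long")
    return {
        "name": name,
        "resource": resource,
        "filters": [{"type": "value", "key": "Tags", "value": "empty"}],
        "mode": {
            "type": "periodic",
            "schedule": "rate(1 day)",
            "role": role,
            "timeout": 900,
            "execution-options": {
                "output_dir": output_dir,
                "output_format": "jsonlines",
            },
        },
    }


def build_policy_file(resources=RESOURCES):
    """Expand the resource map into a complete policy document."""
    return {"policies": [build_policy(s, r) for s, r in resources.items()]}


if __name__ == "__main__":
    # JSON is valid YAML, so this output can be saved as a policy file.
    print(json.dumps(build_policy_file(), indent=2))
```

Adding a resource type then means adding one entry to `RESOURCES` and regenerating the file.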