Cloud Custodian Policies not working for EC2 and S3

0 votes
I am trying to write Cloud Custodian policies, but I couldn't find straightforward rules/filters for this in the official docs.

I am writing policies to terminate all internet-facing EC2 instances and public S3 buckets.

Can someone help me as to where I am going wrong?
Oct 30, 2018 in AWS by findingbugs
• 3,170 points
233 views

2 answers to this question.

0 votes

You can refer to this documentation on Cloud Custodian: Cloud Custodian Docs

policies:
  # Treat instances on the listed (public) subnets as internet-facing.
  # Replace the placeholder subnet IDs with your own.
  - name: find-ec2-on-public-subnets
    resource: ec2
    filters:
        - type: value
          key: "SubnetId"
          op: in
          value:
              - subnet-d1e4xxxxx
              - subnet-d1e4xxxxx
    actions:
        - stop

  # Buckets whose ACL grants access to the AllUsers or
  # AuthenticatedUsers groups; the action removes those grants.
  - name: s3-global-access
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
answered Oct 30, 2018 by Priyaj
• 56,900 points
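The policies the question actually asks for, as an added example (not the answerer's code and not taken from the Custodian docs): internet-facing instances are selected by the presence of a public IP rather than by hard-coded subnet IDs, and public buckets are remediated by stripping the public ACL grants and switching on the bucket-level public access block instead of deleting the bucket. The policy names, the output directory and the dry-run invocation below are my own choices.

```yaml
policies:
  # Internet-facing instances: any running instance that has a public
  # IPv4 address assigned. 'present' is a special value of the value
  # filter that matches when the key exists and is non-null.
  - name: ec2-terminate-public-ip
    resource: ec2
    filters:
      - type: value
        key: State.Name
        value: running
      - type: value
        key: PublicIpAddress
        value: present
    actions:
      # force: true clears termination protection before terminating
      - type: terminate
        force: true

  # Public buckets: any bucket whose ACL grants AllUsers or
  # AuthenticatedUsers. Rather than deleting the bucket, remove the
  # grants and turn on S3 Block Public Access for the bucket so a later
  # ACL or bucket-policy change cannot re-expose it.
  - name: s3-remediate-public-acl
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
      - type: set-public-block
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
```

Run it first as `custodian run --dryrun -s out policy.yml`: `--dryrun` evaluates the filters and writes the matched resources to out/<policy-name>/resources.json without executing any action, which is the place to check what `terminate` would hit before removing the flag. Two caveats: an instance that is reachable only through a public load balancer has no public IP and will not match the first policy, and `set-public-block` is a newer action than the answer above, so confirm your Custodian release supports it before relying on it.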
0 votes

There are no straight-up examples. Best to run a policy to capture resources of what you are looking for and build a filter based upon what you find in the resources.json file. Below is some sample code to get you started along your path. Try running the custodian policy with no filter defined, just the resource, then look at the resources.json contents.

policies:
  - name: purge-lambda-after-7-days
    resource: lambda
    filters:
      # Select functions whose name, lower-cased and stripped by
      # value_type: normalize, is not one of the listed values.
      # not_in compares against a list, so value must be a list.
      - type: value
        key: FunctionName
        value_type: normalize
        op: not_in
        value:
          - ec2

Example resources.json file:

[
  {
    "FunctionName": "EC2_Instance_Check",

answered Mar 1 by anonymous
