Cloud Custodian Policies not working for EC2 and S3

0 votes
I am trying to write Cloud Custodian policies but I couldn't find straightforward rule filters for this in the official docs.

I am writing policies to terminate all internet facing ec2 instances and public S3 buckets.

Can someone help me as to where I am going wrong?
Oct 30, 2018 in AWS by findingbugs
• 3,140 points
75 views

2 answers to this question.

0 votes

You can refer to this documentation of AWS on: Cloud Custodian Docs

policies:
  - name: find-ec2-on-public-subnets
    resource: ec2
    filters:
      - type: value
        key: "SubnetId"
        op: in
        value:
          - subnet-d1e4xxxxx
          - subnet-d1e4xxxxx
    actions:
      - stop

  - name: s3-global-access
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
answered Oct 30, 2018 by Priyaj
• 56,120 points
0 votes

There are no straight-up examples. Best to run a policy to capture the resources you are looking for and build a filter based upon what you find in the resources.json file. Below is some sample code to get you started along your path. Try running the custodian policy with no filter defined, just the resource, then look at the resources.json contents.

policies:
  - name: purge-lambda-after-7-days
    resource: lambda
    filters:
      - type: value
        key: FunctionName
        value_type: normalize   # strip and lower-case before comparing
        op: not-in              # Cloud Custodian spells this operator with a hyphen
        value:                  # not-in compares against a list
          - ec2

Example resources.json file:

[
  {
    "FunctionName": "EC2_Instance_Check"
  }
]

answered Mar 1 by anonymous
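Putting the two answers together, here is an added example (not Cloud Custodian's own code, and not from either answer): a simplified re-implementation of the `value` filter's key / op / value / value_type semantics, run over a constructed resources.json so you can see which filter entries match before attaching a stop or delete action. The function names, the sample instance IDs and subnet IDs are all assumptions; the example also shows that a subnet allow-list (first answer) is not the same check as an instance actually having a public IP.

```python
import json

# Constructed stand-in for a custodian resources.json dump (not real account data).
SAMPLE_RESOURCES = json.loads("""[
 {"InstanceId": "i-0aaa", "SubnetId": "subnet-public1", "PublicIpAddress": "203.0.113.10"},
 {"InstanceId": "i-0bbb", "SubnetId": "subnet-private1"},
 {"InstanceId": "i-0ccc", "SubnetId": "subnet-public2"}
]""")

# Operators from the value filter; Cloud Custodian spells the negation "not-in".
OPS = {
    "eq": lambda a, b: a == b,
    "ne": lambda a, b: a != b,
    "in": lambda a, b: a in b,
    "not-in": lambda a, b: a not in b,
}

def lookup(resource, key):
    """Dotted-path lookup (c7n uses full jmespath; this covers the simple case)."""
    cur = resource
    for part in key.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def normalize(v):
    """value_type: normalize -> strip and lower-case strings on both sides."""
    if isinstance(v, str):
        return v.strip().lower()
    if isinstance(v, list):
        return [normalize(x) for x in v]
    return v

def value_filter(resource, key, value=None, op="eq", value_type=None, **_ignored):
    """Evaluate one `type: value` filter entry against a single resource dict."""
    actual = lookup(resource, key)
    if value in ("present", "absent"):  # key-existence checks, no comparison
        return (actual is not None) if value == "present" else (actual is None)
    if value_type == "normalize":
        actual, value = normalize(actual), normalize(value)
    return OPS[op](actual, value)

def run_filters(resources, filters):
    """Filters within a policy are ANDed: keep resources matching every entry."""
    return [r for r in resources if all(value_filter(r, **f) for f in filters)]

ON_PUBLIC_SUBNET = [{"type": "value", "key": "SubnetId", "op": "in",
                     "value": ["subnet-public1", "subnet-public2"]}]
HAS_PUBLIC_IP = [{"type": "value", "key": "PublicIpAddress", "value": "present"}]
```

Calling `run_filters(SAMPLE_RESOURCES, ON_PUBLIC_SUBNET)` returns i-0aaa and i-0ccc, while `HAS_PUBLIC_IP` returns only i-0aaa: an instance in a "public" subnet with no public address is not internet-facing, so a subnet allow-list alone over-selects when the action is stop or terminate.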
