Cloud Custodian Policies not working for EC2 and S3

0 votes
I am trying to write Cloud Custodian policies, but I couldn't find straight-up rules or filters for this in the official docs.

I am writing policies to terminate all internet-facing EC2 instances and public S3 buckets.

Can someone help me with where I am going wrong?
Oct 30, 2018 in AWS by findingbugs
• 3,200 points
358 views

2 answers to this question.

0 votes

You can refer to this documentation on AWS: Cloud Custodian Docs

policies:
  # EC2 instances whose subnet is in the listed (public) subnets get stopped
  - name: find-ec2-on-public-subnets
    resource: ec2
    filters:
      - type: value
        key: "SubnetId"
        op: in
        value:
          - subnet-d1e4xxxxx
          - subnet-d1e4xxxxx
    actions:
      - stop

  # S3 buckets with ACL grants to the AllUsers / AuthenticatedUsers groups get those grants removed
  - name: s3-global-access
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
answered Oct 30, 2018 by Priyaj
• 57,530 points
+1 vote

There are no straight-up examples. Best to run a policy to capture the resources you are looking for and build a filter based upon what you find in the resources.json file. Below is some sample code to get you started along your path. Try running the Custodian policy with no filter defined, just the resource, then look at the resources.json contents.

policies:
  - name: purge-lambda-after-7-days
    resource: lambda
    filters:
      # value filter: compare the lower-cased FunctionName against a list of names
      - type: value
        key: FunctionName
        value_type: normalize
        op: not-in        # Custodian spells the operator "not-in"; it expects a list value
        value:
          - ec2

Example resources.json file:

[
  {
    "FunctionName": "EC2_Instance_Check"
  }
]

answered Mar 1, 2019 by anonymous
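To dry-run a filter against a saved resources.json before putting it in a policy, the following added example (not code from the thread or from Cloud Custodian itself) re-implements the subset of Custodian's `value` filter used in both answers: a top-level key lookup, `value_type: normalize`, and the `eq`/`ne`/`in`/`not-in` operators. The subnet IDs, instance IDs and function names are constructed stand-ins, not values from the page.

```python
import json

def normalize(v):
    # Custodian's `value_type: normalize` lower-cases and strips string values
    return v.strip().lower() if isinstance(v, str) else v

# Subset of Custodian's value-filter operators, spelled as the op: field expects them
OPS = {
    "eq": lambda x, y: x == y,
    "ne": lambda x, y: x != y,
    "in": lambda x, y: x in y,
    "not-in": lambda x, y: x not in y,
}

def value_filter_matches(resource, flt):
    """True if `resource` (one resources.json entry) passes one `type: value` filter."""
    actual = resource.get(flt["key"])
    if actual is None:
        return False  # a missing key never matches; Custodian uses value: absent for that case
    expected = flt["value"]
    if flt.get("value_type") == "normalize":
        actual = normalize(actual)
        expected = [normalize(e) for e in expected] if isinstance(expected, list) else normalize(expected)
    return OPS[flt.get("op", "eq")](actual, expected)

def apply_filters(resources, filters):
    # Filters in a policy are ANDed: a resource survives only if every filter matches
    return [r for r in resources if all(value_filter_matches(r, f) for f in filters)]

# Constructed resources.json dumps (stand-ins for what `custodian run` writes with no filters)
EC2_JSON = json.dumps([
    {"InstanceId": "i-0aaa111", "SubnetId": "subnet-aaaa1111"},   # constructed: on the "public" subnet
    {"InstanceId": "i-0bbb222", "SubnetId": "subnet-bbbb2222"},   # constructed: private subnet
])
LAMBDA_JSON = json.dumps([
    {"FunctionName": "EC2_Instance_Check"},
    {"FunctionName": "EC2"},            # normalize() turns this into "ec2", so not-in excludes it
    {"FunctionName": "billing-report"},
])

# The two filters from the answers, with the constructed subnet ID in place of the redacted ones
EC2_FILTERS = [{"type": "value", "key": "SubnetId", "op": "in", "value": ["subnet-aaaa1111"]}]
LAMBDA_FILTERS = [{"type": "value", "key": "FunctionName", "value_type": "normalize",
                   "op": "not-in", "value": ["ec2"]}]

def matched(raw_json, filters, id_key):
    """Identifiers of the resources in `raw_json` that pass every filter."""
    return [r[id_key] for r in apply_filters(json.loads(raw_json), filters)]

if __name__ == "__main__":
    print(matched(EC2_JSON, EC2_FILTERS, "InstanceId"))          # ['i-0aaa111']
    print(matched(LAMBDA_JSON, LAMBDA_FILTERS, "FunctionName"))  # ['EC2_Instance_Check', 'billing-report']
```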
