@rubendob
Last active September 2, 2020 16:09
CloudCustodian Tagging Simple Policy - How to write a simple policy, execute it and report from the command line
---
policies:
  - name: ec2-tag-policy
    resource: aws.ec2
    filters:
      - or:
          - "tag:Project": absent
          - "tag:Team": absent
rubendob commented Sep 2, 2020

One thing we must remember is that the report subcommand only supports one kind of resource, not multiple.

docker run -it \
  -e AWS_ACCESS_KEY_ID="XXX" \
  -e AWS_SECRET_ACCESS_KEY="XXX" \
  -e AWS_DEFAULT_REGION="eu-west-1" \
  -v $(pwd)/output:/home/custodian/output \
  -v $(pwd)/tag.yml:/home/custodian/tag.yml \
  cloudcustodian/c7n report -v -s /home/custodian/output /home/custodian/tag.yml --format grid

Here we can see there are at least 125 EC2 instances which are not compliant with the policy we have already written.

2020-09-02 06:34:39,307: custodian.cache:DEBUG Disabling cache
2020-09-02 06:34:39,307: custodian.commands:DEBUG Loaded file /home/custodian/tag.yml. Contains 1 policies
2020-09-02 06:34:39,315: custodian.aws:DEBUG using default region:eu-west-1 from boto
2020-09-02 06:34:39,922: custodian.reports:DEBUG Found 125 records for region eu-west-1
2020-09-02 06:34:39,923: custodian.reports:DEBUG Uniqued from 125 to 125

The command will return a grid when using the --format grid option.

+---------------------+---------------------+------------------------------------------+----------------+---------------------------+--------------+--------------------+
| CustodianDate       | InstanceId          | tag:Name                                 | InstanceType   | LaunchTime                | VpcId        | PrivateIpAddress   |
+=====================+=====================+==========================================+================+===========================+==============+====================+
| 2020-09-02 06:24:52 | i-0f9844406bd445144 | cXX-Cxx                                  | t2.xlarge      | 2019-07-30T08:58:46+00:00 | vpc-XXXXX    | 10.0.126.24        |
+---------------------+---------------------+------------------------------------------+----------------+---------------------------+--------------+--------------------+
| 2020-09-02 06:24:52 | i-093b3167e7480edee | cXX-Cxx                                  | t2.xlarge      | 2019-09-20T20:24:53+00:00 | vpc-XXXX     | 10.0.123.104       |
+---------------------+---------------------+------------------------------------------+----------------+---------------------------+--------------+--------------------+
| 2020-09-02 06:24:52 | i-09d1be7ed664c3a52 | cXX-Cxx                                  | m5d.4xlarge    | 2020-09-02T02:34:39+00:00 |              |                    |
+---------------------+---------------------+------------------------------------------+----------------+---------------------------+--------------+--------------------+

More examples, this time of unused security groups:

+----------------------+---------------------------------------------------------------------------------+
| sg-5ed0843a          | jenkins                                                                         |
+----------------------+---------------------------------------------------------------------------------+
| sg-6c12b40b          | SecurityGroup-beta-HotTopicSecurityGroup-15IO0TW95X32Y                          |
+----------------------+---------------------------------------------------------------------------------+
| sg-c489a8a0          | SecurityGroup-prod-SolrSlaveELBSecurityGroup-MX76R697283I                       |
+----------------------+---------------------------------------------------------------------------------+
| sg-cbbff8ac          | Solr-UploadSuggester-beta-SolrUploadSuggesterSlaveELBSecurityGroup-YE1IBQV8Z4I5 |
+----------------------+---------------------------------------------------------------------------------+
| sg-d789a8b3          | SecurityGroup-prod-ChatDBSecurityGroup-VSGO10T7K3C2                             |
+----------------------+---------------------------------------------------------------------------------+
| sg-e989a88d          | SecurityGroup-prod-HotTopicSecurityGroup-19B90HBP1PWJK                          |
+----------------------+---------------------------------------------------------------------------------+
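The report grid above lists the non-compliant instances but not which of the two tags each one lacks. The following is an added example, not part of the original gist: it assumes the resources.json that `custodian run -s <dir>` saves under `<dir>/ec2-tag-policy/`, and the sample records, `REQUIRED_TAGS` and the helper names are constructed for illustration.

```python
"""Added example: show which required tags each flagged instance is missing."""
import json

REQUIRED_TAGS = ("Project", "Team")  # the two tag keys checked by ec2-tag-policy

# Constructed sample in the shape of EC2 DescribeInstances records, the format
# Custodian stores in resources.json. Instance ...2 is compliant and is included
# only to show that it is skipped.
SAMPLE_RESOURCES = json.loads("""
[
  {"InstanceId": "i-00000000000000001",
   "Tags": [{"Key": "Name", "Value": "web-1"}, {"Key": "Team", "Value": "ops"}]},
  {"InstanceId": "i-00000000000000002",
   "Tags": [{"Key": "Project", "Value": ""}, {"Key": "Team", "Value": "data"}]},
  {"InstanceId": "i-00000000000000003"},
  {"InstanceId": "i-00000000000000004",
   "Tags": [{"Key": "project", "Value": "x"}, {"Key": "Team", "Value": "ops"}]}
]
""")


def missing_tags(resource, required=REQUIRED_TAGS):
    """Return the required tag keys that are absent from one instance record.

    Tag keys are case-sensitive, and a tag with an empty value still counts
    as present (assumption: this mirrors `absent`, which tests the key only).
    """
    present = {tag["Key"] for tag in resource.get("Tags") or []}
    return [key for key in required if key not in present]


def summarize(resources, required=REQUIRED_TAGS):
    """Map InstanceId -> missing tag keys, skipping compliant instances."""
    report = {}
    for res in resources:
        gaps = missing_tags(res, required)
        if gaps:  # same selection as the policy's `or` of two `absent` filters
            report[res["InstanceId"]] = gaps
    return report


def load_resources(path):
    """Read a resources.json file written by `custodian run`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    for instance_id, gaps in summarize(SAMPLE_RESOURCES).items():
        print(f"{instance_id}: missing {', '.join(gaps)}")
```

To run it against real output, pass `load_resources("output/ec2-tag-policy/resources.json")` to `summarize` instead of the sample.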

