AWS Modes

Custodian can run in numerous modes depending on the provider, with the default being pull mode.

  • pull:

    Default mode; the policy runs locally, on the host where custodian is invoked.

    Schema:

    {}
    
  • periodic:

    Runs Custodian in AWS Lambda at a user-defined cron interval.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "schedule": {
        "type": "string"
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • phd:

    Runs custodian in AWS Lambda, triggered by Personal Health Dashboard events. These events are raised by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues. See Personal Health Dashboard for more details.

    Schema:

    {
      "categories": {
        "items": {
          "enum": [
            "issue",
            "accountNotification",
            "scheduledChange"
          ]
        },
        "type": "array"
      },
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "events": {
        "items": {
          "type": "string"
        },
        "required": true,
        "type": "array"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "statuses": {
        "items": {
          "enum": [
            "open",
            "upcoming",
            "closed"
          ]
        },
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • cloudtrail:

    Runs custodian in AWS Lambda, triggered by CloudTrail events. This lets you apply your policies as soon as events occur. CloudTrail creates an event for every API call made in your AWS account. See CloudTrail for more details.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "events": {
        "items": {
          "oneOf": [
            {
              "type": "string"
            },
            {
              "properties": {
                "event": {
                  "type": "string"
                },
                "ids": {
                  "type": "string"
                },
                "source": {
                  "type": "string"
                }
              },
              "required": [
                "event",
                "source",
                "ids"
              ],
              "type": "object"
            }
          ]
        },
        "type": "array"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • ec2-instance-state:

    Runs custodian in AWS Lambda, triggered by EC2 instance state changes. This is useful if you have policies that are specific to EC2. See EC2 lifecycles for more details.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "events": {
        "items": {
          "enum": [
            "pending",
            "running",
            "shutting-down",
            "stopped",
            "stopping",
            "terminated"
          ]
        },
        "type": "array"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • asg-instance-state:

    Runs custodian in AWS Lambda, triggered by ASG instance state changes. This is useful if you have policies that are specific to ASGs. See ASG lifecycle hooks for more details.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "events": {
        "items": {
          "enum": [
            "launch-success",
            "launch-failure",
            "terminate-success",
            "terminate-failure"
          ]
        },
        "type": "array"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • guard-duty:

    Runs custodian in AWS Lambda, triggered by GuardDuty findings. AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. This mode allows you to execute policies when various alerts are created by AWS GuardDuty. See GuardDuty for more details.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
    
  • config-rule:

    Runs custodian in AWS Lambda, triggered by AWS Config when the configuration of your AWS resources changes. This is useful if you have policies that enforce certain configurations or want to be notified of certain configuration changes. See AWS Config for more details.

    Schema:

    {
      "concurrency": {
        "type": "integer"
      },
      "dead_letter_config": {
        "type": "object"
      },
      "environment": {
        "type": "object"
      },
      "execution-options": {
        "type": "object"
      },
      "function-prefix": {
        "type": "string"
      },
      "kms_key_arn": {
        "type": "string"
      },
      "layers": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "member-role": {
        "type": "string"
      },
      "memory": {
        "type": "number"
      },
      "packages": {
        "items": {
          "type": "string"
        },
        "type": "array"
      },
      "role": {
        "type": "string"
      },
      "runtime": {
        "enum": [
          "python2.7",
          "python3.6",
          "python3.7"
        ]
      },
      "security_groups": {
        "type": "array"
      },
      "subnets": {
        "type": "array"
      },
      "tags": {
        "type": "object"
      },
      "timeout": {
        "type": "number"
      },
      "tracing_config": {
        "type": "object"
      }
    }
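The schemas above are easy to misread in a policy file: `phd` is the only mode whose `events` is marked required, `cloudtrail` event items may be either a plain string or an object that must carry `event`, `source` and `ids`, and the `ec2-instance-state`, `asg-instance-state`, `phd` and `runtime` values are closed enums. The following is an added example, not Cloud Custodian's own validation code (the project validates with jsonschema). It encodes just the properties listed on this page, treats any other key as unknown, and runs over a few constructed policy `mode` blocks. Two things are assumptions rather than page content: that `schedule` for `periodic` mode uses EventBridge `rate(...)`/`cron(...)` syntax, and the sample role ARN with a placeholder account id.

```python
"""Check Cloud Custodian AWS `mode` blocks against the schemas on this page.
Added example, not the project's own code; covers only the listed properties."""
import re

# Enumerations copied from the mode schemas above.
RUNTIMES = {"python2.7", "python3.6", "python3.7"}
PHD_CATEGORIES = {"issue", "accountNotification", "scheduledChange"}
PHD_STATUSES = {"open", "upcoming", "closed"}
EC2_STATES = {"pending", "running", "shutting-down", "stopped", "stopping", "terminated"}
ASG_EVENTS = {"launch-success", "launch-failure", "terminate-success", "terminate-failure"}

# Properties shared by every Lambda-backed mode, mapped from the schema's
# integer/number/string/array/object to the matching Python types.
COMMON = {
    "concurrency": int, "dead_letter_config": dict, "environment": dict,
    "execution-options": dict, "function-prefix": str, "kms_key_arn": str,
    "layers": list, "member-role": str, "memory": (int, float), "packages": list,
    "role": str, "runtime": str, "security_groups": list, "subnets": list,
    "tags": dict, "timeout": (int, float), "tracing_config": dict,
}
MODE_EXTRA = {                      # mode-specific properties on top of COMMON
    "periodic": {"schedule": str},
    "phd": {"categories": list, "events": list, "statuses": list},
    "cloudtrail": {"events": list},
    "ec2-instance-state": {"events": list},
    "asg-instance-state": {"events": list},
    "guard-duty": {},
    "config-rule": {},
}
# Assumption: EventBridge rate()/cron() syntax; the page only says "string".
SCHEDULE_RE = re.compile(r"^(rate\(\d+ (minute|minutes|hour|hours|day|days)\)|cron\(.+\))$")


def _enum_check(values, allowed, field, errors):
    for v in values:
        if v not in allowed:
            errors.append(f"{field}: {v!r} not in {sorted(allowed)}")


def _as_list(mode, key):            # type errors are reported elsewhere; avoid iterating a str
    value = mode.get(key, [])
    return value if isinstance(value, list) else []


def check_mode(mode):
    """Return {'errors': [...], 'warnings': [...]} for one policy's mode block."""
    errors, warnings = [], []
    mtype = mode.get("type", "pull")          # pull is the default mode
    if mtype == "pull":                       # schema {}: nothing but the type key
        extra = sorted(set(mode) - {"type"})
        if extra:
            errors.append(f"pull mode takes no properties, got {extra}")
        return {"errors": errors, "warnings": warnings}
    if mtype not in MODE_EXTRA:
        return {"errors": [f"unknown mode type {mtype!r}"], "warnings": warnings}

    allowed = {**COMMON, **MODE_EXTRA[mtype]}
    for key, value in mode.items():
        if key == "type":
            continue
        if key not in allowed:
            errors.append(f"{key}: not a property of mode {mtype!r}")
        elif isinstance(value, bool) or not isinstance(value, allowed[key]):
            errors.append(f"{key}: wrong type {type(value).__name__}")
    for key in ("layers", "packages"):        # arrays of strings
        if any(not isinstance(x, str) for x in _as_list(mode, key)):
            errors.append(f"{key}: items must be strings")

    runtime = mode.get("runtime")
    if isinstance(runtime, str):
        _enum_check([runtime], RUNTIMES, "runtime", errors)
        if runtime == "python2.7":            # still in the enum, but end-of-life
            warnings.append("runtime: python2.7 is end-of-life; prefer a current python3 runtime")

    if mtype == "periodic":
        schedule = mode.get("schedule")
        if isinstance(schedule, str) and not SCHEDULE_RE.match(schedule):
            errors.append(f"schedule: {schedule!r} is not a rate(...) or cron(...) expression")
    elif mtype == "phd":
        if "events" not in mode:              # the only property the page marks required
            errors.append("events: required for phd mode")
        _enum_check(_as_list(mode, "categories"), PHD_CATEGORIES, "categories", errors)
        _enum_check(_as_list(mode, "statuses"), PHD_STATUSES, "statuses", errors)
    elif mtype == "ec2-instance-state":
        _enum_check(_as_list(mode, "events"), EC2_STATES, "events", errors)
    elif mtype == "asg-instance-state":
        _enum_check(_as_list(mode, "events"), ASG_EVENTS, "events", errors)
    elif mtype == "cloudtrail":               # items: a string, or {event, source, ids}
        for i, ev in enumerate(_as_list(mode, "events")):
            if isinstance(ev, str):
                continue
            if not isinstance(ev, dict):
                errors.append(f"events[{i}]: must be a string or an object")
                continue
            missing = sorted({"event", "source", "ids"} - set(ev))
            if missing:
                errors.append(f"events[{i}]: missing {missing}")
            for k in ("event", "source", "ids"):
                if k in ev and not isinstance(ev[k], str):
                    errors.append(f"events[{i}].{k}: must be a string")
    return {"errors": errors, "warnings": warnings}


# Constructed sample policies; only the `mode` blocks are inspected.
ROLE = "arn:aws:iam::123456789012:role/CustodianRole"   # placeholder account id
SAMPLE_POLICIES = [
    {"name": "ec2-tag-on-launch", "resource": "ec2",
     "mode": {"type": "cloudtrail", "role": ROLE, "runtime": "python3.7",
              "events": [{"event": "RunInstances", "source": "ec2.amazonaws.com",
                          "ids": "responseElements.instancesSet.items[].instanceId"}]}},
    {"name": "phd-notify", "resource": "account",
     "mode": {"type": "phd", "role": ROLE, "statuses": ["open", "pending"]}},
    {"name": "nightly-sweep", "resource": "ec2",
     "mode": {"type": "periodic", "role": ROLE, "runtime": "python2.7", "schedule": "every day"}},
    {"name": "s3-watch", "resource": "s3",
     "mode": {"type": "cloudtrail", "role": ROLE, "memory": "512", "handler": "x",
              "events": [{"event": "CreateBucket", "source": "s3.amazonaws.com"}]}},
]


def report(policies):
    return {p["name"]: check_mode(p.get("mode", {})) for p in policies}


if __name__ == "__main__":
    for name, result in report(SAMPLE_POLICIES).items():
        print(name, result)
```

Run as a pre-commit check over a policy directory, this catches the three mistakes that otherwise only surface when the Lambda is provisioned: a `phd` policy with no `events`, a `cloudtrail` event object missing its `ids` JMESPath, and a typo'd enum value. The `python2.7` warning is deliberately a warning rather than an error, since the page's schema still lists it.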