AWS ModesΒΆ

Custodian can run in numerous modes depending on the provider with the default being pull Mode.

  • pull:

    Default mode, which runs locally where custodian is run.

    properties:
      type:
        enum:
        - pull
    required:
    - type
    
  • periodic:

    Runs Custodian in AWS lambda at user defined cron interval.

    properties:
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      schedule:
        type: string
      security_groups:
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - periodic
    required:
    - type
    
  • phd:

    Runs custodian in AWS lambda and is triggered by Personal Health Dashboard events. These events are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues. See Personal Health Dashboard for more details.

    properties:
      categories:
        items:
          enum:
          - issue
          - accountNotification
          - scheduledChange
        type: array
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      events:
        items:
          type: string
        type: array
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      security_groups:
        type: array
      statuses:
        items:
          enum:
          - open
          - upcoming
          - closed
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - phd
    required:
    - events
    - type
    
  • cloudtrail:

    Runs custodian in AWS lambda and is triggered by cloudtrail events. This allows you to apply your policies as soon as events occur. Cloudtrail creates an event for every api call that occurs in your aws account. See Cloudtrail for more details.

    properties:
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      events:
        items:
          oneOf:
          - type: string
          - properties:
              event:
                type: string
              ids:
                type: string
              source:
                type: string
            required:
            - event
            - source
            - ids
            type: object
        type: array
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      security_groups:
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - cloudtrail
    required:
    - type
    
  • ec2-instance-state:

    Runs custodian in AWS lambda and is triggered by ec2 instance state changes. This is useful if you have policies that are specific to ec2. See EC2 lifecycles for more details.

    properties:
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      events:
        items:
          enum:
          - pending
          - running
          - shutting-down
          - stopped
          - stopping
          - terminated
        type: array
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      security_groups:
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - ec2-instance-state
    required:
    - type
    
  • asg-instance-state:

    Runs custodian in AWS lambda and is triggered by asg instance state changes. This is useful if you have policies that are specific to asg. See ASG lifecycle hooks for more details.

    properties:
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      events:
        items:
          enum:
          - launch-success
          - launch-failure
          - terminate-success
          - terminate-failure
        type: array
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      security_groups:
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - asg-instance-state
    required:
    - type
    
  • guard-duty:

    Runs custodian in AWS lambda and is triggered by guard-duty responses. AWS Guard Duty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. This mode allows you to execute polcies when various alerts are created by AWS Guard Duty. See Guard Duty for more details.

properties:
  concurrency:
    type: integer
  dead_letter_config:
    type: object
  environment:
    type: object
  execution-options:
    type: object
  function-prefix:
    type: string
  kms_key_arn:
    type: string
  layers:
    items:
      type: string
    type: array
  member-role:
    type: string
  memory:
    type: number
  packages:
    items:
      type: string
    type: array
  role:
    type: string
  runtime:
    enum:
    - python2.7
    - python3.6
    - python3.7
  security_groups:
    type: array
  subnets:
    type: array
  tags:
    type: object
  timeout:
    type: number
  tracing_config:
    type: object
  type:
    enum:
    - guard-duty
required:
- type
  • config-rule:

    Runs custodian in AWS lambda and gets triggered by AWS config when there are configuration changes of your AWS resources. This is useful if you have policies that enforce certain configurations or want to get notified based on certain configuration changes. See AWS Config for more details.

    properties:
      concurrency:
        type: integer
      dead_letter_config:
        type: object
      environment:
        type: object
      execution-options:
        type: object
      function-prefix:
        type: string
      kms_key_arn:
        type: string
      layers:
        items:
          type: string
        type: array
      member-role:
        type: string
      memory:
        type: number
      packages:
        items:
          type: string
        type: array
      role:
        type: string
      runtime:
        enum:
        - python2.7
        - python3.6
        - python3.7
      security_groups:
        type: array
      subnets:
        type: array
      tags:
        type: object
      timeout:
        type: number
      tracing_config:
        type: object
      type:
        enum:
        - config-rule
    required:
    - type