Cloud Custodian

Introduction

Getting Started
Generic Filters
Generic Actions
- Webhook Action
Advanced Usage
Example tag compliance policy
Deployment

AWS

Getting Started
Example Policies
Monitoring your environment
Lambda Support
AWS Topics
Developer Guide
Adding New AWS Resources
AWS Reference

Azure

Getting Started
Configuring Azure Policies
Examples
Advanced Usage
Azure Reference

GCP

Getting Started
Examples
Policies
- Generic Actions
  - Notify
- Load Balancer
Developer Guide
Adding New GCP Resources
- Create New GCP Resource
- Load New GCP Resource
Testing
- Updating Existing Tests
GCP Reference

Oracle Cloud Infrastructure (OCI)

Getting Started (Beta)
Example Policies
Testing
Oracle Cloud Infrastructure Reference
Advanced Usage
- Logging and Output
  - Writing Custodian Logs to Object Storage
  - Writing Custodian Logs to OCI Logging Service

Tencent Cloud

Tencent Cloud
Installation
Usage
Tencent Cloud Reference

Kubernetes

Getting Started (Alpha)
Kubernetes Controller Mode
- Install the Server
Option 1: Manual installation
Option 2: Helm chart
- Testing
- Authoring Policies
Examples

Tools

c7n-org: Multi Account Custodian Execution
c7n-mailer: Custodian Mailer
Custodian policies for Infrastructure Code
Custodian Kubernetes Support
cask: easy custodian exec via docker
- Install
- Run
- Build
c7n-log-exporter: Cloud watch log exporter automation
c7n-trailcreator: Retroactive Resource Creator Tagging
c7n-policystream: Policy Changes from Git
- Install
- Build
- Usage
- Options
OmniSSM - EC2 Systems Manager Automation
c7n-guardian: Automated multi-account Guard Duty setup
- Accounts Credentials
- Using custodian policies for remediation
c7n-salactus: Distributed Scale out S3 processing

Contributing

Contributing to Cloud Custodian
Developer Guide
Installing for Developers
- Installing Prerequisites
  - Install Python 3
  - Install Poetry
    - On Mac/Linux
    - On Windows with Powershell
- Installing Custodian
Testing for Developers
Documentation For Developers
Packaging Custodian
- Usage
- Caveats

Cloud Custodian

Example Policies

Previous Next

Example Policies

These use cases provide examples of specific policies for individual AWS modules.

Account - Login From Invalid IP Address
Account - Detect Root Logins
Account - Service Limit
AMI - Stop EC2 using Unapproved AMIs
AutoScaling Group - Verify ASGs have valid configurations
AMI - ASG Garbage Collector
ASG - Offhours Support
Block New Resources In Non-Standard Regions
DMS - DB Migration Service Endpoint - Enforce SSL
EBS - Garbage Collect Unattached Volumes
EBS - Create and Manage Snapshots
EBS - Delete Unencrypted
EC2 - auto-tag aws userName on resources
EC2 - Modify Instance Metadata Options
EC2 - Offhours Support
EC2 - Old Instance Report
EC2 - Power On For Scheduled Patching
EC2 - Terminate Unpatchable Instances
EIP - Garbage Collect Unattached Elastic IPs
ELB - Delete New Internet-Facing ELBs
ELB - Delete Unused Elastic Load Balancers
ELB - SSL Blacklist
ELB - SSL Whitelist
IAM - Manage Whether A Specific IAM Policy is Attached to Roles
Lambda - Notify On Lambda Errors
Example offhours policy
RDS - Delete Unused Databases With No Connections
RDS - Terminate Unencrypted Public Instances
S3 - Configure New Buckets Settings and Standards
S3 - Block Public S3 Object ACLs
S3 - Encryption
S3 - Global Grants
S3 - Add lifecycle policy on bucket delete
SageMaker Notebook - Delete Public or Unencrypted
Security Groups - add permission
Security Groups - Detect and Remediate Violations
Tag Compliance Across Resources (EC2, ASG, ELB, S3, etc)
VPC - Flow Log Configuration Check
VPC - Notify On Invalid External Peering Connections

Previous Next

© Copyright .

Built with Sphinx using a theme provided by Read the Docs.