aws.fsx

Filters

consecutive-aws-backups

Returns resources where number of consective backups (based on the periodicity defined in the filter) is equal to/or greater than n units. This filter supports the resources that use AWS Backup service for backups.

example:

policies:
  - name: dynamodb-consecutive-aws-backup-count
    resource: dynamodb-table
    filters:
      - type: consecutive-aws-backups
        count: 7
        period: days
        status: 'COMPLETED'
properties:
  count:
    minimum: 1
    type: number
  period:
    enum:
    - hours
    - days
    - weeks
  status:
    enum:
    - COMPLETED
    - PARTIAL
    - DELETING
    - EXPIRED
  type:
    enum:
    - consecutive-aws-backups
required:
- count
- period
- status
- type

Permissions - backup:ListRecoveryPointsByResource

consecutive-backups

Returns consecutive daily FSx backups, which are equal to/or greater than n days. :Example:

policies:
  - name: fsx-daily-backup-count
    resource: fsx
    filters:
      - type: consecutive-backups
        days: 5
    actions:
      - notify
properties:
  days:
    minimum: 1
    type: number
  type:
    enum:
    - consecutive-backups
required:
- days
- type

Permissions - fsx:DescribeBackups, fsx:DescribeVolumes

kms-key

Filter a resource by its associated kms key and optionally the aliasname of the kms key by using ‘c7n:AliasName’

example:

Match a specific key alias:

policies:
    - name: dms-encrypt-key-check
      resource: dms-instance
      filters:
        - type: kms-key
          key: "c7n:AliasName"
          value: alias/aws/dms

Or match against native key attributes such as KeyManager, which more explicitly distinguishes between AWS and CUSTOMER-managed keys. The above policy can also be written as:

policies:
    - name: dms-aws-managed-key
      resource: dms-instance
      filters:
        - type: kms-key
          key: KeyManager
          value: AWS
properties:
  default:
    type: object
  key:
    type: string
  match-resource:
    type: boolean
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
    - mod
  operator:
    enum:
    - and
    - or
  type:
    enum:
    - kms-key
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      query:
        type: string
      url:
        type: string
    required:
    - url
    type: object
  value_path:
    type: string
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
    - float
required:
- type

Permissions - kms:ListKeys, tag:GetResources, kms:ListResourceTags, kms:DescribeKey

Actions

backup

Create Backups of File Systems

Tags are specified in key value pairs, e.g.: BackupSource: CloudCustodian

example:

policies:
    - name: backup-fsx-resource
      comment: |
          creates a backup of fsx resources and
          copies tags from file system to the backup
      resource: fsx
      actions:
        - type: backup
          copy-tags: True
          tags:
            BackupSource: CloudCustodian

    - name: backup-fsx-resource-copy-specific-tags
      comment: |
          creates a backup of fsx resources and
          copies tags from file system to the backup
      resource: fsx
      actions:
        - type: backup
          copy-tags:
            - Application
            - Owner
            # or use '*' to specify all tags
          tags:
            BackupSource: CloudCustodian
properties:
  copy-tags:
    oneOf:
    - type: boolean
    - items:
        type: string
      type: array
  tags:
    type: object
  type:
    enum:
    - backup
required:
- type

Permissions - fsx:CreateBackup

delete

Delete Filesystems

example:

policies:
    - name: delete-fsx-instance-with-snapshot
      resource: fsx
      filters:
        - FileSystemId: fs-1234567890123
      actions:
        - type: delete
          copy-tags:
            - Application
            - Owner
          tags:
            DeletedBy: CloudCustodian

    - name: delete-fsx-instance-skip-snapshot
      resource: fsx
      filters:
        - FileSystemId: fs-1234567890123
      actions:
        - type: delete
          skip-snapshot: True
properties:
  copy-tags:
    oneOf:
    - items:
        type: string
      type: array
    - type: boolean
  skip-snapshot:
    type: boolean
  tags:
    type: object
  type:
    enum:
    - delete
required:
- type

Permissions - fsx:DeleteFileSystem

update

Update FSx resource configurations

example:

policies:
    - name: update-fsx-resource
      resource: fsx
      actions:
        - type: update
          WindowsConfiguration:
            AutomaticBackupRetentionDays: 1
            DailyAutomaticBackupStartTime: '04:30'
            WeeklyMaintenanceStartTime: '04:30'
          LustreConfiguration:
            WeeklyMaintenanceStartTime: '04:30'

Reference: https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html

properties:
  LustreConfiguration:
    type: object
  WindowsConfiguration:
    type: object
  type:
    enum:
    - update
required:
- type

Permissions - fsx:UpdateFileSystem