aws.fsx¶
Filters¶
consecutive-aws-backups¶
Returns resources where number of consective backups (based on the periodicity defined in the filter) is equal to/or greater than n units. This filter supports the resources that use AWS Backup service for backups.
- example:
policies:
- name: dynamodb-consecutive-aws-backup-count
resource: dynamodb-table
filters:
- type: consecutive-aws-backups
count: 7
period: days
status: 'COMPLETED'
properties:
count:
minimum: 1
type: number
period:
enum:
- hours
- days
- weeks
status:
enum:
- COMPLETED
- PARTIAL
- DELETING
- EXPIRED
type:
enum:
- consecutive-aws-backups
required:
- count
- period
- status
- type
Permissions - backup:ListRecoveryPointsByResource
consecutive-backups¶
Returns consecutive daily FSx backups, which are equal to/or greater than n days. :Example:
policies:
- name: fsx-daily-backup-count
resource: fsx
filters:
- type: consecutive-backups
days: 5
actions:
- notify
properties:
days:
minimum: 1
type: number
type:
enum:
- consecutive-backups
required:
- days
- type
Permissions - fsx:DescribeBackups, fsx:DescribeVolumes
kms-key¶
Filter a resource by its associated kms key and optionally the aliasname of the kms key by using ‘c7n:AliasName’
- example:
Match a specific key alias:
policies: - name: dms-encrypt-key-check resource: dms-instance filters: - type: kms-key key: "c7n:AliasName" value: alias/aws/dms
Or match against native key attributes such as KeyManager
, which
more explicitly distinguishes between AWS
and CUSTOMER
-managed
keys. The above policy can also be written as:
policies: - name: dms-aws-managed-key resource: dms-instance filters: - type: kms-key key: KeyManager value: AWS
properties:
default:
type: object
key:
type: string
match-resource:
type: boolean
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
operator:
enum:
- and
- or
type:
enum:
- kms-key
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
query:
type: string
url:
type: string
required:
- url
type: object
value_path:
type: string
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
- float
required:
- type
Permissions - kms:ListKeys, tag:GetResources, kms:ListResourceTags, kms:DescribeKey
Actions¶
backup¶
Create Backups of File Systems
Tags are specified in key value pairs, e.g.: BackupSource: CloudCustodian
- example:
policies:
- name: backup-fsx-resource
comment: |
creates a backup of fsx resources and
copies tags from file system to the backup
resource: fsx
actions:
- type: backup
copy-tags: True
tags:
BackupSource: CloudCustodian
- name: backup-fsx-resource-copy-specific-tags
comment: |
creates a backup of fsx resources and
copies tags from file system to the backup
resource: fsx
actions:
- type: backup
copy-tags:
- Application
- Owner
# or use '*' to specify all tags
tags:
BackupSource: CloudCustodian
properties:
copy-tags:
oneOf:
- type: boolean
- items:
type: string
type: array
tags:
type: object
type:
enum:
- backup
required:
- type
Permissions - fsx:CreateBackup
delete¶
Delete Filesystems
- example:
policies:
- name: delete-fsx-instance-with-snapshot
resource: fsx
filters:
- FileSystemId: fs-1234567890123
actions:
- type: delete
copy-tags:
- Application
- Owner
tags:
DeletedBy: CloudCustodian
- name: delete-fsx-instance-skip-snapshot
resource: fsx
filters:
- FileSystemId: fs-1234567890123
actions:
- type: delete
skip-snapshot: True
properties:
copy-tags:
oneOf:
- items:
type: string
type: array
- type: boolean
skip-snapshot:
type: boolean
tags:
type: object
type:
enum:
- delete
required:
- type
Permissions - fsx:DeleteFileSystem
update¶
Update FSx resource configurations
- example:
policies:
- name: update-fsx-resource
resource: fsx
actions:
- type: update
WindowsConfiguration:
AutomaticBackupRetentionDays: 1
DailyAutomaticBackupStartTime: '04:30'
WeeklyMaintenanceStartTime: '04:30'
LustreConfiguration:
WeeklyMaintenanceStartTime: '04:30'
Reference: https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html
properties:
LustreConfiguration:
type: object
WindowsConfiguration:
type: object
type:
enum:
- update
required:
- type
Permissions - fsx:UpdateFileSystem