Install Cloud Custodian and Azure Plugin
Cloud Custodian is a Python application and supports Python 2 and 3 on Linux and Windows. We recommend using Python 3.6 or higher.
The Azure provider is a separate package, installed in addition to c7n.
Option 1: Install released packages to local Python Environment
$ pip install c7n
$ pip install c7n_azure
Option 2: Install latest from the repository
$ git clone https://github.com/cloud-custodian/cloud-custodian.git
$ cd cloud-custodian
$ pip install -e .
$ pip install -e tools/c7n_azure
Write your first policy
A policy specifies the following items:
The type of resource to run the policy against
Filters to narrow down the set of resources
Actions to take on the filtered set of resources
For this tutorial we will filter to a VM of a specific name, then add the tag
Create a file named custodian.yml with this content, and update my_vm_name to match an existing VM.
Note: Some text editors (VSCode) inject invalid whitespace characters when copy/pasting YAML from a browser.
policies:
  - name: my-first-policy
    description: |
      Adds a tag to a virtual machines
    resource: azure.vm
    filters:
      - type: value
        key: name
        value: my_vm_name
    actions:
      - type: tag
        tag: Hello
        value: World
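One way to check a pasted policy file for the invalid whitespace mentioned in the note above. This is an added example, not part of Cloud Custodian; the function name and the sample fragment are constructed for illustration.

```python
import sys
import unicodedata

# Unicode categories that render as blank or nothing but are not YAML whitespace:
# Zs = space separators (e.g. NO-BREAK SPACE), Zl/Zp = line/paragraph separators,
# Cf = invisible format characters (e.g. ZERO WIDTH SPACE).
SUSPECT_CATEGORIES = {"Zs", "Zl", "Zp", "Cf"}


def find_suspect_whitespace(text):
    """Return (line, column, description) for characters likely to break YAML parsing."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        in_indent = True
        for col, ch in enumerate(line, start=1):
            if ch == "\t" and in_indent:
                # YAML forbids tabs as indentation.
                findings.append((lineno, col, "TAB in indentation"))
            elif ch != " " and unicodedata.category(ch) in SUSPECT_CATEGORIES:
                findings.append((lineno, col, unicodedata.name(ch, "U+%04X" % ord(ch))))
            if ch not in " \t":
                in_indent = False
    return findings


# Constructed sample: a fragment of the tutorial policy with a no-break-space indent,
# a tab indent and a zero-width space, as a browser copy/paste might leave behind.
SAMPLE = (
    "policies:\n"
    "  - name: my-first-policy\n"
    "\u00a0\u00a0  resource: azure.vm\n"
    "    filters:\n"
    "\t  - type: value\n"
    "        key: name\n"
    "        value:\u200bmy_vm_name\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig drops a leading byte-order mark, which YAML permits.
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    results = find_suspect_whitespace(text)
    for lineno, col, what in results:
        print("line %d, col %d: %s" % (lineno, col, what))
    sys.exit(1 if results else 0)
```

Pass the path to custodian.yml as the first argument; a non-zero exit status means at least one suspect character was found.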
Run your policy
First, choose one of the supported authentication mechanisms and either log in to Azure CLI or set environment variables as documented in Authentication.
custodian run --output-dir=. custodian.yml
If successful, you should see output similar to the following on the command line:
2016-12-20 08:35:06,133: custodian.policy:INFO Running policy my-first-policy resource: azure.vm
2016-12-20 08:35:07,514: custodian.policy:INFO policy: my-first-policy resource:ec2 has count:1 time:1.38
2016-12-20 08:35:08,188: custodian.policy:INFO policy: my-first-policy action: tag: 1 execution_time: 0.67
You should also find a new my-first-policy directory with a log and other files (subsequent runs will append to the log by default rather than
See Generic Filters for more information on the features of the Value filter used in this sample.
You can generate App Insights metrics by specifying the --metrics flag and specifying
$ custodian run -s <output_directory> --metrics azure <policyfile>.yml
You can also upload Cloud Custodian logs to App Insights logs:
$ custodian run --log-group=azure://cloud-custodian/<dev-account>/<region> -s <output_directory> <policyfile>.yml
And you can output logs and resource records to Azure storage accounts:
$ custodian run -s azure://<my-bucket><my-prefix> <policyfile>.yml