Cloud Custodian

Introduction

  • Getting Started
    • Install Cloud Custodian
      • Linux and Mac OS
      • Windows (CMD/PowerShell)
    • Explore Cloud Custodian
    • Cloud Provider Specific Help
      • Troubleshooting & Tinkering
    • Monitor resources
    • Tab Completion
      • Troubleshooting
  • Generic Filters
    • Value Filter
    • Event Filter
  • Generic Actions
    • Webhook Action
  • Advanced Usage
    • Running against multiple regions
    • Reporting against multiple regions
    • Filtering Policy Execution by Date
    • Limiting how many resources custodian affects
    • Adding custom fields to reports
  • Example tag compliance policy
  • Deployment
    • Compliance as Code
    • Continuous Integration of Policies
    • IAM Setup
    • Single Node Deployment
    • Monitoring Cloud Custodian
    • Mailer and Notifications Deployment
    • Multi Account Execution
    • Advanced Continuous Integration Tips
    • Additional Resources

AWS

  • Getting Started
    • Write your first policy
    • Run your policy
    • A 2nd Example Policy
    • Monitor AWS
      • Troubleshooting & Tinkering
  • Example Policies
    • Account - Login From Invalid IP Address
    • Account - Detect Root Logins
    • Account - Service Limit
    • AMI - Stop EC2 using Unapproved AMIs
    • AutoScaling Group - Verify ASGs have valid configurations
    • ASG - Offhours Support
    • Block New Resources In Non-Standard Regions
    • DMS - DB Migration Service Endpoint - Enforce SSL
    • EBS - Garbage Collect Unattached Volumes
    • EBS - Create and Manage Snapshots
    • EBS - Delete Unencrypted
    • EC2 - auto-tag aws userName on resources
    • EC2 - Offhours Support
    • EC2 - Old Instance Report
    • EC2 - Power On For Scheduled Patching
    • EC2 - Terminate Unpatchable Instances
    • ELB - Delete New Internet-Facing ELBs
    • ELB - Delete Unused Elastic Load Balancers
    • ELB - SSL Blacklist
    • ELB - SSL Whitelist
    • IAM - Manage Whether A Specific IAM Policy is Attached to Roles
    • Lambda - Notify On Lambda Errors
    • Example offhours policy
      • Resource Scheduling Offhours
      • Features
      • Policy Configuration
      • Tag Based Configuration
        • ScheduleParser Time Specifications
      • Policy examples
      • Resume During Offhours
      • ElasticBeanstalk, EFS and Other Services with Tag Value Restrictions
      • Public Holidays
    • RDS - Delete Unused Databases With No Connections
    • RDS - Terminate Unencrypted Public Instances
    • S3 - Configure New Buckets Settings and Standards
    • S3 - Block Public S3 Object ACLs
    • S3 - Encryption
      • Enable Bucket Encryption
      • Remediate Existing
        • Options
      • Remediate Incoming
        • Options
      • Bucket Policy
    • S3 - Global Grants
    • SageMaker Notebook - Delete Public or Unencrypted
    • Security Groups - Detect and Remediate Violations
    • Tag Compliance Across Resources (EC2, ASG, ELB, S3, etc)
    • VPC - Flow Log Configuration Check
    • VPC - Notify On Invalid External Peering Connections
  • AWS Modes
  • Monitoring your environment
    • Metrics
    • CloudWatch Logs
    • S3 Logs & Records
    • Reports
  • Lambda Support
    • CloudWatch Events
      • Cloud Custodian Integration
        • CloudTrail API Calls
        • EC2 Instance State Events
        • Periodic Function
    • Config Rules
    • Lambda Configuration
    • Execution Options
  • AWS Reference
    • AWS Common Actions
      • auto-tag-user
      • copy-related-tag
      • invoke-lambda
      • invoke-sfn
      • mark-for-op
      • modify-policy
      • modify-security-groups
      • normalize-tag
      • notify
      • post-finding
      • put-metric
      • remove-tag
      • rename-tag
      • tag
      • tag-trim
      • webhook
    • AWS Common Filters
      • check-permissions
      • config-compliance
      • event
      • finding
      • health-event
      • image
      • marked-for-op
      • metrics
      • network-location
      • offhour
      • onhour
      • security-group
      • shield-metrics
      • subnet
      • tag-count
      • usage
      • value
      • vpc
    • aws.account resources
      • aws.account
        • Filters
        • Actions
    • aws.acm resources
      • aws.acm-certificate
        • Filters
        • Actions
    • aws.apigateway resources
      • aws.rest-account
        • Filters
        • Actions
      • aws.rest-api
        • Filters
        • Actions
      • aws.rest-resource
        • Filters
        • Actions
      • aws.rest-stage
        • Filters
        • Actions
      • aws.rest-vpclink
        • Filters
        • Actions
    • aws.autoscaling resources
      • aws.asg
        • Filters
        • Actions
      • aws.launch-config
        • Filters
        • Actions
    • aws.backup resources
      • aws.backup-plan
        • Filters
        • Actions
    • aws.batch resources
      • aws.batch-compute
        • Filters
        • Actions
      • aws.batch-definition
        • Filters
        • Actions
    • aws.clouddirectory resources
      • aws.cloud-directory
        • Filters
        • Actions
    • aws.cloudformation resources
      • aws.cfn
        • Filters
        • Actions
    • aws.cloudfront resources
      • aws.distribution
        • Filters
        • Actions
      • aws.streaming-distribution
        • Filters
        • Actions
    • aws.cloudhsm resources
      • aws.hsm
        • Filters
        • Actions
      • aws.hsm-client
        • Filters
        • Actions
      • aws.hsm-hapg
        • Filters
        • Actions
    • aws.cloudhsmv2 resources
      • aws.cloudhsm-cluster
        • Filters
        • Actions
    • aws.cloudsearch resources
      • aws.cloudsearch
        • Filters
        • Actions
    • aws.cloudtrail resources
      • aws.cloudtrail
        • Filters
        • Actions
    • aws.cloudwatch resources
      • aws.alarm
        • Filters
        • Actions
    • aws.codebuild resources
      • aws.codebuild
        • Filters
        • Actions
    • aws.codecommit resources
      • aws.codecommit
        • Filters
        • Actions
    • aws.codepipeline resources
      • aws.codepipeline
        • Filters
        • Actions
    • aws.cognito-identity resources
      • aws.identity-pool
        • Filters
        • Actions
    • aws.cognito-idp resources
      • aws.user-pool
        • Filters
        • Actions
    • aws.config resources
      • aws.config-recorder
        • Filters
        • Actions
      • aws.config-rule
        • Filters
        • Actions
    • aws.datapipeline resources
      • aws.datapipeline
        • Filters
        • Actions
    • aws.dax resources
      • aws.dax
        • Filters
        • Actions
    • aws.directconnect resources
      • aws.directconnect
        • Filters
        • Actions
    • aws.dlm resources
      • aws.dlm-policy
        • Filters
        • Actions
    • aws.dms resources
      • aws.dms-endpoint
        • Filters
        • Actions
      • aws.dms-instance
        • Filters
        • Actions
    • aws.ds resources
      • aws.directory
        • Filters
        • Actions
    • aws.dynamodb resources
      • aws.dynamodb-backup
        • Filters
        • Actions
      • aws.dynamodb-table
        • Filters
        • Actions
    • aws.dynamodbstreams resources
      • aws.dynamodb-stream
        • Filters
        • Actions
    • aws.ec2 resources
      • aws.ami
        • Filters
        • Actions
      • aws.customer-gateway
        • Filters
        • Actions
      • aws.ebs
        • Filters
        • Actions
      • aws.ebs-snapshot
        • Filters
        • Actions
      • aws.ec2
        • Filters
        • Actions
      • aws.ec2-reserved
        • Filters
        • Actions
      • aws.eni
        • Filters
        • Actions
      • aws.internet-gateway
        • Filters
        • Actions
      • aws.key-pair
        • Filters
        • Actions
      • aws.launch-template-version
        • Filters
        • Actions
      • aws.nat-gateway
        • Filters
        • Actions
      • aws.network-acl
        • Filters
        • Actions
      • aws.network-addr
        • Filters
        • Actions
      • aws.peering-connection
        • Filters
        • Actions
      • aws.route-table
        • Filters
        • Actions
      • aws.security-group
        • Filters
        • Actions
      • aws.subnet
        • Filters
        • Actions
      • aws.transit-attachment
        • Filters
        • Actions
      • aws.transit-gateway
        • Filters
        • Actions
      • aws.vpc
        • Filters
        • Actions
      • aws.vpc-endpoint
        • Filters
        • Actions
      • aws.vpn-connection
        • Filters
        • Actions
      • aws.vpn-gateway
        • Filters
        • Actions
    • aws.ecr resources
      • aws.ecr
        • Filters
        • Actions
    • aws.ecs resources
      • aws.ecs
        • Filters
        • Actions
      • aws.ecs-container-instance
        • Filters
        • Actions
      • aws.ecs-service
        • Filters
        • Actions
      • aws.ecs-task
        • Filters
        • Actions
      • aws.ecs-task-definition
        • Filters
        • Actions
    • aws.efs resources
      • aws.efs
        • Filters
        • Actions
      • aws.efs-mount-target
        • Filters
        • Actions
    • aws.eks resources
      • aws.eks
        • Filters
        • Actions
    • aws.elasticache resources
      • aws.cache-cluster
        • Filters
        • Actions
      • aws.cache-snapshot
        • Filters
        • Actions
      • aws.cache-subnet-group
        • Filters
        • Actions
    • aws.elasticbeanstalk resources
      • aws.elasticbeanstalk
        • Filters
        • Actions
      • aws.elasticbeanstalk-environment
        • Filters
        • Actions
    • aws.elb resources
      • aws.elb
        • Filters
        • Actions
    • aws.elbv2 resources
      • aws.app-elb
        • Filters
        • Actions
      • aws.app-elb-target-group
        • Filters
        • Actions
    • aws.emr resources
      • aws.emr
        • Filters
        • Actions
    • aws.es resources
      • aws.elasticsearch
        • Filters
        • Actions
    • aws.events resources
      • aws.event-rule
        • Filters
        • Actions
      • aws.event-rule-target
        • Filters
        • Actions
    • aws.firehose resources
      • aws.firehose
        • Filters
        • Actions
    • aws.fsx resources
      • aws.fsx
        • Filters
        • Actions
      • aws.fsx-backup
        • Filters
        • Actions
    • aws.gamelift resources
      • aws.gamelift-build
        • Filters
        • Actions
      • aws.gamelift-fleet
        • Filters
        • Actions
    • aws.glacier resources
      • aws.glacier
        • Filters
        • Actions
    • aws.glue resources
      • aws.glue-connection
        • Filters
        • Actions
      • aws.glue-crawler
        • Filters
        • Actions
      • aws.glue-database
        • Filters
        • Actions
      • aws.glue-dev-endpoint
        • Filters
        • Actions
      • aws.glue-job
        • Filters
        • Actions
      • aws.glue-table
        • Filters
        • Actions
    • aws.health resources
      • aws.health-event
        • Filters
        • Actions
    • aws.iam resources
      • aws.iam-certificate
        • Filters
        • Actions
      • aws.iam-group
        • Filters
        • Actions
      • aws.iam-policy
        • Filters
        • Actions
      • aws.iam-profile
        • Filters
        • Actions
      • aws.iam-role
        • Filters
        • Actions
      • aws.iam-user
        • Filters
        • Actions
    • aws.iot resources
      • aws.iot
        • Filters
        • Actions
    • aws.kafka resources
      • aws.kafka
        • Filters
        • Actions
    • aws.kinesis resources
      • aws.kinesis
        • Filters
        • Actions
    • aws.kinesisanalytics resources
      • aws.kinesis-analytics
        • Filters
        • Actions
    • aws.kms resources
      • aws.kms
        • Filters
        • Actions
      • aws.kms-key
        • Filters
        • Actions
    • aws.lambda resources
      • aws.lambda
        • Filters
        • Actions
      • aws.lambda-layer
        • Filters
        • Actions
    • aws.lightsail resources
      • aws.lightsail-db
        • Filters
        • Actions
      • aws.lightsail-elb
        • Filters
        • Actions
      • aws.lightsail-instance
        • Filters
        • Actions
    • aws.logs resources
      • aws.log-group
        • Filters
        • Actions
    • aws.machinelearning resources
      • aws.ml-model
        • Filters
        • Actions
    • aws.mq resources
      • aws.message-broker
        • Filters
        • Actions
    • aws.opsworks resources
      • aws.opswork-stack
        • Filters
        • Actions
    • aws.opsworkscm resources
      • aws.opswork-cm
        • Filters
        • Actions
    • aws.rds resources
      • aws.rds
        • Filters
        • Actions
      • aws.rds-cluster
        • Filters
        • Actions
      • aws.rds-cluster-param-group
        • Filters
        • Actions
      • aws.rds-cluster-snapshot
        • Filters
        • Actions
      • aws.rds-param-group
        • Filters
        • Actions
      • aws.rds-reserved
        • Filters
        • Actions
      • aws.rds-snapshot
        • Filters
        • Actions
      • aws.rds-subnet-group
        • Filters
        • Actions
      • aws.rds-subscription
        • Filters
        • Actions
    • aws.redshift resources
      • aws.redshift
        • Filters
        • Actions
      • aws.redshift-snapshot
        • Filters
        • Actions
      • aws.redshift-subnet-group
        • Filters
        • Actions
    • aws.route53 resources
      • aws.healthcheck
        • Filters
        • Actions
      • aws.hostedzone
        • Filters
        • Actions
      • aws.rrset
        • Filters
        • Actions
    • aws.route53domains resources
      • aws.r53domain
        • Filters
        • Actions
    • aws.s3 resources
      • aws.s3
        • Filters
        • Actions
    • aws.sagemaker resources
      • aws.sagemaker-endpoint
        • Filters
        • Actions
      • aws.sagemaker-endpoint-config
        • Filters
        • Actions
      • aws.sagemaker-job
        • Filters
        • Actions
      • aws.sagemaker-model
        • Filters
        • Actions
      • aws.sagemaker-notebook
        • Filters
        • Actions
      • aws.sagemaker-transform-job
        • Filters
        • Actions
    • aws.sdb resources
      • aws.simpledb
        • Filters
        • Actions
    • aws.secretsmanager resources
      • aws.secrets-manager
        • Filters
        • Actions
    • aws.shield resources
      • aws.shield-attack
        • Filters
        • Actions
      • aws.shield-protection
        • Filters
        • Actions
    • aws.snowball resources
      • aws.snowball
        • Filters
        • Actions
      • aws.snowball-cluster
        • Filters
        • Actions
    • aws.sns resources
      • aws.sns
        • Filters
        • Actions
    • aws.sqs resources
      • aws.sqs
        • Filters
        • Actions
    • aws.ssm resources
      • aws.ssm-activation
        • Filters
        • Actions
      • aws.ssm-managed-instance
        • Filters
        • Actions
      • aws.ssm-parameter
        • Filters
        • Actions
    • aws.stepfunctions resources
      • aws.step-machine
        • Filters
        • Actions
    • aws.storagegateway resources
      • aws.storage-gateway
        • Filters
        • Actions
    • aws.support resources
      • aws.support-case
        • Filters
        • Actions
    • aws.waf resources
      • aws.waf
        • Filters
        • Actions
    • aws.waf-regional resources
      • aws.waf-regional
        • Filters
        • Actions
    • aws.workspaces resources
      • aws.workspaces
        • Filters
        • Actions

Azure

  • Getting Started
    • Install Cloud Custodian and Azure Plugin
      • Install latest from the repository to virtual Python environment
        • Linux and Mac OS
        • Windows (CMD/PowerShell)
    • Write your first policy
    • Run your policy
      • (Optional) Run your policy with Azure Monitoring
    • Next Steps
  • Configuring Azure Policies
    • Authentication & Access
      • Azure CLI
      • Service Principal
        • Azure Portal
        • Azure CLI
        • c7n-org
      • Access Token
      • Managed Service Identity
      • Azure Storage access
    • Hosting options
      • Overview
      • Azure Modes
      • Provision Options
      • Execution Options
      • Event Grid Functions
      • Advanced Authentication Options
      • Management Groups Support
        • Timer triggered functions
        • Event triggered functions
        • Permissions
    • Logging, Metrics and Output
      • Writing Custodian Logs to Azure App Insights
      • Writing Custodian Metrics to Azure App Insights
      • Writing Custodian Output to Azure Blob Storage
      • Authentication to Storage
  • Examples
    • General
      • Email notify
      • Monitor - Filter resources by metrics from Azure Monitor
      • Resource Groups - Delayed operations
      • Resource Groups - Remove empty Resource Groups
      • Tags - Add tag to Virtual Machines
      • Tags - Automatically tag the creator of a resource or resource group
      • Tags - Remove tag From Virtual Machines
      • Tags - Trim tags From Virtual Machines
    • Compute
      • App Service - Resize an Application Service Plan
      • Monitor - Filter resources by metrics from Azure Monitor
      • Resource Groups - Delete or report on orphan resources (NICs, Disks, Public IPs)
      • Tags - Add tag to Virtual Machines
      • Tags - Remove tag From Virtual Machines
      • Tags - Trim tags From Virtual Machines
      • Virtual Machines - Find Stopped Virtual Machines
      • Virtual Machines - Find Virtual Machines with public IP address
    • Databases
      • SQL - Find databases with specific retention options
      • SQL - Update SQL Database retention policies
      • SQL - Find all SQL Databases with Premium SKU
    • Identity
      • Tags - Automatically tag the creator of a resource or resource group
    • Networking
      • Load Balancer - Filter load balancer by front end public ip
      • Network Security Groups - Deny access to Network Security Group
      • Resource Groups - Delete or report on orphan resources (NICs, Disks, Public IPs)
      • Routes - Find route tables with a specific subnet
      • Storage - Add storage firewall rules
      • Storage - Remove public storage IP-s
      • Virtual Machines - Find Virtual Machines with public IP address
    • Notifications
      • Email - Use Azure Logic Apps to notify users of policy violations
        • Create Azure Logic App
        • Author Cloud Custodian policy
        • Test the policy
  • Supported Resources
    • Generic Actions
      • Tags
      • Delayed operations
        • Examples
      • Logic App
      • Delete
    • Generic Filters
      • Metric Filter
        • Example Policies
      • Tag Filter
        • Example Policies
      • Marked-For-Op Filter
        • Example Policies
      • Diagnostic Settings Filter
        • Example Policies
    • Access Control
      • Filters
      • Actions
      • Example Policies
    • Azure Kubernetes Service
      • Filters
      • Actions
      • Example Policies
    • API Management
      • Filters
      • Actions
      • Example Policies
    • App Service Plan
      • Filters
      • Actions
      • Example Policies
    • Azure ARM Resource
      • Filters
      • Actions
    • Batch
      • Filters
      • Actions
      • Example Policies
    • CDN
      • Filters
      • Actions
      • Example Policies
    • Cognitive Services
      • Filters
      • Actions
      • Example Policies
    • Container Registry
      • Filters
      • Actions
      • Example Policies
    • Container Service
      • Filters
      • Actions
      • Example Policies
    • Cosmos DB
      • Filters
      • Actions
      • Example Policies
    • Data Factory
      • Filters
      • Actions
      • Example Policies
    • Data Lake
      • Filters
      • Actions
      • Example Policies
    • Disk
      • Filters
      • Actions
      • Example Policies
    • IoT Hub
      • Filters
      • Actions
      • Example Policies
    • Key Vault
      • Filters
      • Actions
      • Example Policies
    • Key Vault Keys
      • Filters
      • Example Policies
    • Load Balancer
      • Filters
      • Actions
      • Example Policies
    • Network Interface
      • Filters
      • Actions
      • Example Policies
    • Network Security Groups
      • Filters
      • Actions
      • Example Policies
    • Policy assignments
      • Filters
      • Actions
      • Example Policies
    • Public IP Address
      • Filters
      • Actions
      • Example Policies
    • Redis
      • Filters
      • Actions
      • Example Policies
    • Resource Groups
      • Filters
      • Actions
      • Example Policies
    • Route Table
      • Filters
      • Actions
      • Example Policies
    • SQL Database
      • Filters
      • Actions
      • Example Policies
    • SQL Server
      • Filters
      • Actions
      • Example Policies
    • Storage
      • Filters
      • Actions
      • Example Policies
    • Subscription
      • Filters
      • Actions
      • Example Policies
    • Virtual Machines
      • Filters
      • Actions
      • Example Policies
    • Virtual Machine Scale Set
      • Filters
      • Actions
      • Example Policies
    • Virtual Networks
      • Filters
      • Actions
      • Example Policies
    • Web Applications
      • Filters
      • Actions
      • Example Policies
  • Advanced Usage
    • Running against multiple subscriptions
    • Azure Policy Comparison
      • Examples
    • Developer Guide
      • Adding New Azure Resources
        • Install Azure Dependencies
        • Create New Azure Resource
        • Load New Azure Resource
      • Testing
        • Test framework
        • ARM templates
        • Cassettes
        • Running tests
  • Azure Reference
    • Azure Common Actions
      • auto-tag-date
      • auto-tag-user
      • delete
      • lock
      • logic-app
      • mark-for-op
      • notify
      • tag
      • tag-trim
      • untag
      • webhook
    • Azure Common Filters
      • cost
      • diagnostic-settings
      • event
      • firewall-rules
      • instance-view
      • marked-for-op
      • metric
      • offer
      • offhour
      • onhour
      • policy-compliant
      • resource-lock
      • storage-diagnostic-settings
      • value
    • azure.keyvault resources
      • azure.keyvault-keys
        • Filters
        • Actions
    • azure.mgmt.apimanagement resources
      • azure.api-management
        • Filters
        • Actions
    • azure.mgmt.authorization resources
      • azure.roleassignment
        • Filters
        • Actions
      • azure.roledefinition
        • Filters
        • Actions
    • azure.mgmt.batch resources
      • azure.batch
        • Filters
        • Actions
    • azure.mgmt.cdn resources
      • azure.cdnprofile
        • Filters
        • Actions
    • azure.mgmt.cognitiveservices resources
      • azure.cognitiveservice
        • Filters
        • Actions
    • azure.mgmt.compute resources
      • azure.disk
        • Filters
        • Actions
      • azure.image
        • Filters
        • Actions
      • azure.vm
        • Filters
        • Actions
      • azure.vmss
        • Filters
        • Actions
    • azure.mgmt.containerregistry resources
      • azure.containerregistry
        • Filters
        • Actions
    • azure.mgmt.containerservice resources
      • azure.aks
        • Filters
        • Actions
      • azure.containerservice
        • Filters
        • Actions
    • azure.mgmt.cosmosdb resources
      • azure.cosmosdb
        • Filters
        • Actions
    • azure.mgmt.databricks.databricks_client resources
      • azure.databricks
        • Filters
        • Actions
    • azure.mgmt.datafactory resources
      • azure.datafactory
        • Filters
        • Actions
    • azure.mgmt.datalake.store resources
      • azure.datalake
        • Filters
        • Actions
    • azure.mgmt.dns resources
      • azure.dnszone
        • Filters
        • Actions
      • azure.recordset
        • Filters
        • Actions
    • azure.mgmt.eventgrid resources
      • azure.eventsubscription
        • Filters
        • Actions
    • azure.mgmt.iothub resources
      • azure.iothub
        • Filters
        • Actions
    • azure.mgmt.keyvault resources
      • azure.keyvault
        • Filters
        • Actions
    • azure.mgmt.network resources
      • azure.loadbalancer
        • Filters
        • Actions
      • azure.networkinterface
        • Filters
        • Actions
      • azure.networksecuritygroup
        • Filters
        • Actions
      • azure.publicip
        • Filters
        • Actions
      • azure.routetable
        • Filters
        • Actions
      • azure.vnet
        • Filters
        • Actions
    • azure.mgmt.redis resources
      • azure.redis
        • Filters
        • Actions
    • azure.mgmt.resource resources
      • azure.armresource
        • Filters
        • Actions
      • azure.resourcegroup
        • Filters
        • Actions
    • azure.mgmt.resource.policy resources
      • azure.policyassignments
        • Filters
        • Actions
    • azure.mgmt.sql resources
      • azure.sqldatabase
        • Filters
        • Actions
      • azure.sqlserver
        • Filters
        • Actions
    • azure.mgmt.storage resources
      • azure.storage
        • Filters
        • Actions
    • azure.mgmt.web resources
      • azure.appserviceplan
        • Filters
        • Actions
      • azure.webapp
        • Filters
        • Actions
    • azure.subscription resources
      • azure.subscription
        • Filters
        • Actions

GCP

  • Getting Started (Beta)
    • Install GCP Plugin
      • Option 1: Install released packages to local Python Environment
      • Option 2: Install latest from the repository
    • Connect Your Authentication Credentials
      • GCP CLI
      • Environment Variables
    • Write Your First Policy
    • Run Your Policy
  • GCP Modes
  • Examples
    • App Engine - Check if an SSL Certificate is About to Expire
    • App Engine - Check if a blacklisted domain is still in use
    • App Engine - Check if a Firewall Rule is in Place
    • Dataflow - Check for Hanged Jobs
    • Deployment Manager - Find expired deployments
    • DNS - Notify if DNS Managed Zone has no DNSSEC
    • DNS - Notify if Logging is Disabled in DNS Policy
    • Load Balancer - Delete backend buckets
    • Load Balancer - Network Tiers
    • Pub/Sub - Early Detection of Obsolete Snapshots
    • Pub/Sub - Audit Subscriptions to Match Requirements
    • Cloud SQL - List Unsucessful Backups Older Than N Days
    • Cloud SQL - Check Regions of Instances and Their State
    • Cloud SQL - Notify on Certificates Which Are About to Expire
    • Cloud SQL - Check Users
  • Policies
    • Generic Actions
      • Notify
    • Load Balancer
  • Developer Guide
  • Adding New GCP Resources
    • Create New GCP Resource
    • Load New GCP Resource
  • Testing
    • Test cases for resources list methods
    • Test cases for resources get methods
    • Running tests
  • GCP Reference
    • GCP Common Actions
      • notify
      • post-finding
      • webhook
    • GCP Common Filters
      • event
      • offhour
      • onhour
      • value
    • gcp.appengine resources
      • gcp.app-engine
        • Filters
        • Actions
      • gcp.app-engine-certificate
        • Filters
        • Actions
      • gcp.app-engine-domain
        • Filters
        • Actions
      • gcp.app-engine-domain-mapping
        • Filters
        • Actions
      • gcp.app-engine-firewall-ingress-rule
        • Filters
        • Actions
    • gcp.bigquery resources
      • gcp.bq-dataset
        • Filters
        • Actions
      • gcp.bq-job
        • Filters
        • Actions
      • gcp.bq-project
        • Filters
        • Actions
      • gcp.bq-table
        • Filters
        • Actions
    • gcp.cloudbilling resources
      • gcp.cloudbilling-account
        • Filters
        • Actions
    • gcp.cloudbuild resources
      • gcp.build
        • Filters
        • Actions
    • gcp.cloudfunctions resources
      • gcp.function
        • Filters
        • Actions
    • gcp.cloudresourcemanager resources
      • gcp.folder
        • Filters
        • Actions
      • gcp.organization
        • Filters
        • Actions
      • gcp.project
        • Filters
        • Actions
    • gcp.compute resources
      • gcp.disk
        • Filters
        • Actions
      • gcp.firewall
        • Filters
        • Actions
      • gcp.image
        • Filters
        • Actions
      • gcp.instance
        • Filters
        • Actions
      • gcp.interconnect
        • Filters
        • Actions
      • gcp.interconnect-attachment
        • Filters
        • Actions
      • gcp.loadbalancer-address
        • Filters
        • Actions
      • gcp.loadbalancer-backend-bucket
        • Filters
        • Actions
      • gcp.loadbalancer-backend-service
        • Filters
        • Actions
      • gcp.loadbalancer-forwarding-rule
        • Filters
        • Actions
      • gcp.loadbalancer-global-address
        • Filters
        • Actions
      • gcp.loadbalancer-global-forwarding-rule
        • Filters
        • Actions
      • gcp.loadbalancer-health-check
        • Filters
        • Actions
      • gcp.loadbalancer-http-health-check
        • Filters
        • Actions
      • gcp.loadbalancer-https-health-check
        • Filters
        • Actions
      • gcp.loadbalancer-ssl-certificate
        • Filters
        • Actions
      • gcp.loadbalancer-ssl-policy
        • Filters
        • Actions
      • gcp.loadbalancer-target-http-proxy
        • Filters
        • Actions
      • gcp.loadbalancer-target-https-proxy
        • Filters
        • Actions
      • gcp.loadbalancer-target-instance
        • Filters
        • Actions
      • gcp.loadbalancer-target-pool
        • Filters
        • Actions
      • gcp.loadbalancer-target-ssl-proxy
        • Filters
        • Actions
      • gcp.loadbalancer-target-tcp-proxy
        • Filters
        • Actions
      • gcp.loadbalancer-url-map
        • Filters
        • Actions
      • gcp.route
        • Filters
        • Actions
      • gcp.router
        • Filters
        • Actions
      • gcp.snapshot
        • Filters
        • Actions
      • gcp.subnet
        • Filters
        • Actions
      • gcp.vpc
        • Filters
        • Actions
    • gcp.container resources
      • gcp.gke-cluster
        • Filters
        • Actions
      • gcp.gke-nodepool
        • Filters
        • Actions
    • gcp.dataflow resources
      • gcp.dataflow-job
        • Filters
        • Actions
    • gcp.deploymentmanager resources
      • gcp.dm-deployment
        • Filters
        • Actions
    • gcp.dns resources
      • gcp.dns-managed-zone
        • Filters
        • Actions
      • gcp.dns-policy
        • Filters
        • Actions
    • gcp.iam resources
      • gcp.iam-role
        • Filters
        • Actions
      • gcp.project-role
        • Filters
        • Actions
      • gcp.service-account
        • Filters
        • Actions
    • gcp.logging resources
      • gcp.logsink
        • Filters
        • Actions
    • gcp.ml resources
      • gcp.ml-job
        • Filters
        • Actions
      • gcp.ml-model
        • Filters
        • Actions
    • gcp.pubsub resources
      • gcp.pubsub-snapshot
        • Filters
        • Actions
      • gcp.pubsub-subscription
        • Filters
        • Actions
      • gcp.pubsub-topic
        • Filters
        • Actions
    • gcp.servicemanagement resources
      • gcp.service
        • Filters
        • Actions
    • gcp.sourcerepo resources
      • gcp.sourcerepo
        • Filters
        • Actions
    • gcp.spanner resources
      • gcp.spanner-database-instance
        • Filters
        • Actions
      • gcp.spanner-instance
        • Filters
        • Actions
    • gcp.sqladmin resources
      • gcp.sql-backup-run
        • Filters
        • Actions
      • gcp.sql-instance
        • Filters
        • Actions
      • gcp.sql-ssl-cert
        • Filters
        • Actions
      • gcp.sql-user
        • Filters
        • Actions
    • gcp.storage resources
      • gcp.bucket
        • Filters
        • Actions

Tools

  • c7n-org: Multi Account Custodian Execution
    • Installation
      • Config File Generation
    • Running a Policy with c7n-org
    • Selecting accounts and policy for execution
    • Defining and using variables
    • Other commands
    • Additional Azure Instructions
  • c7n-policystream: Policy Changes from Git
    • Install
    • Build
    • Usage
    • Options
  • c7n-mailer: Custodian Mailer
    • Message Relay
    • Tutorial
      • Email:
      • DataDog:
      • Slack:
      • Splunk HTTP Event Collector (HEC)
      • Now run:
    • Usage & Configuration
      • Standard Lambda Function Config
      • Standard Azure Functions Config
      • Mailer Infrastructure Config
      • SMTP Config
      • DataDog Config
      • Slack Config
      • SendGrid Config
      • Splunk HEC Config
      • SDK Config
    • Configuring a policy to send email
    • Using on Azure
      • Deploying Azure Functions
    • Writing an email template
    • Developer Install (OS X El Capitan)
    • Testing Templates and Recipients
      • Testing Templates for Azure
  • AWS Retroactive Tagging Resource Creators
    • Install
    • Config File
    • Tagging
    • Multi Account / Multi Region

Contributing

  • Contributing to Cloud Custodian
    • Developer install
    • Issues
    • Contributor agreement
  • Developer Guide
  • Installing for Developers
    • Installing Prerequisites
      • Install Python 3.7
        • On Ubuntu
        • On macOS with Homebrew
      • Basic Python Tools
    • Installing Custodian
  • Testing for Developers
    • Running tests
    • Operating System Compatibility
    • Decorating tests
    • Writing Placebo Tests for AWS Resources
  • Documentation For Developers
    • Find the Documentation
    • Edit the Documentation
    • Render the Documentation
Cloud Custodian
  • Docs »
  • GCP Reference »
  • gcp.cloudresourcemanager resources
Next Previous

gcp.cloudresourcemanager resources¶

  • gcp.folder

  • gcp.organization

  • gcp.project

gcp.folder¶

GCP resource: https://cloud.google.com/resource-manager/reference/rest/v1/folders

Filters¶

  • event

  • value

Actions¶

  • notify

  • post-finding

  • webhook

gcp.organization¶

GCP resource: https://cloud.google.com/resource-manager/reference/rest/v1/organizations

Filters¶

  • event

  • value

Actions¶

  • notify

  • post-finding

  • webhook

gcp.project¶

GCP resource: https://cloud.google.com/compute/docs/reference/rest/v1/projects

Filters¶

  • event

  • value

Actions¶

  • notify

  • post-finding

  • webhook

Next Previous

© Copyright 2017, Capital One Services, LLC

Built with Sphinx using a theme provided by Read the Docs.