Cloud Custodian
Introduction
Getting Started
Install Cloud Custodian
Linux and Mac OS
Windows (CMD/PowerShell)
Docker
Explore Cloud Custodian
Cloud Provider Specific Help
Troubleshooting & Tinkering
Monitor resources
Editor Integration
Tab Completion
Troubleshooting
Generic Filters
Value Filter
Event Filter
Reduce Filter
Grouping resources
Sorting resources
Selecting resources
Combining resource groups
Attributes
Examples
Generic Actions
Webhook Action
Advanced Usage
Running against multiple regions
Reporting against multiple regions
Conditional Policy Execution
Limiting how many resources custodian affects
Adding custom fields to reports
Example tag compliance policy
Deployment
Compliance as Code
Continuous Integration of Policies
IAM Setup
Single Node Deployment
Monitoring Cloud Custodian
Mailer and Notifications Deployment
Multi Account Execution
Advanced Continuous Integration Tips
Additional Resources
AWS
Getting Started
Write your first policy
Run your policy
A 2nd Example Policy
Monitor AWS
Troubleshooting & Tinkering
Example Policies
Account - Login From Invalid IP Address
Account - Detect Root Logins
Account - Service Limit
AMI - Stop EC2 using Unapproved AMIs
AutoScaling Group - Verify ASGs have valid configurations
AMI - ASG Garbage Collector
ASG - Offhours Support
Block New Resources In Non-Standard Regions
DMS - DB Migration Service Endpoint - Enforce SSL
EBS - Garbage Collect Unattached Volumes
EBS - Create and Manage Snapshots
EBS - Delete Unencrypted
EC2 - auto-tag aws userName on resources
EC2 - Offhours Support
EC2 - Old Instance Report
EC2 - Power On For Scheduled Patching
EC2 - Terminate Unpatchable Instances
EIP - Garbage Collect Unattached Elastic IPs
ELB - Delete New Internet-Facing ELBs
ELB - Delete Unused Elastic Load Balancers
ELB - SSL Blacklist
ELB - SSL Whitelist
IAM - Manage Whether A Specific IAM Policy is Attached to Roles
Lambda - Notify On Lambda Errors
Example offhours policy
Resource Scheduling Offhours
Features
Policy Configuration
Tag Based Configuration
ScheduleParser Time Specifications
Policy examples
Resume During Offhours
ElasticBeanstalk, EFS and Other Services with Tag Value Restrictions
Public Holidays
RDS - Delete Unused Databases With No Connections
RDS - Terminate Unencrypted Public Instances
S3 - Configure New Buckets Settings and Standards
S3 - Block Public S3 Object ACLs
S3 - Encryption
Enable Bucket Encryption
Remediate Existing
Options
Remediate Incoming
Options
Bucket Policy
S3 - Global Grants
SageMaker Notebook - Delete Public or Unencrypted
Security Groups - add permission
Security Groups - Detect and Remediate Violations
Tag Compliance Across Resources (EC2, ASG, ELB, S3, etc)
VPC - Flow Log Configuration Check
VPC - Notify On Invalid External Peering Connections
Monitoring your environment
Metrics
CloudWatch Logs
S3 Logs & Records
Reports
Lambda Support
CloudWatch Events
Cloud Custodian Integration
CloudTrail API Calls
EC2 Instance State Events
Periodic Function
Event Pattern Filtering
Config Rules
Lambda Configuration
Execution Options
AWS Topics
AWS Config
Config Source
Config Rule
Filter
Config Poll Rule
Security Hub
Getting Started
Modes
AWS Systems Manager
EC2 Systems Manager
Ops Center
OmniSSM
AWS X-Ray Support
AWS Reference
AWS Execution Modes
pull
asg-instance-state
cloudtrail
config-poll-rule
config-rule
ec2-instance-state
guard-duty
hub-finding
hub-finding
periodic
phd
pull
AWS Common Actions
auto-tag-user
copy-related-tag
invoke-lambda
invoke-sfn
mark-for-op
modify-policy
modify-security-groups
normalize-tag
notify
post-finding
post-item
put-metric
remove-tag
rename-tag
tag
tag-trim
webhook
AWS Common Filters
check-permissions
config-compliance
event
finding
health-event
iam-analyzer
image
logging
marked-for-op
metrics
network-location
offhour
onhour
ops-item
reduce
security-group
shield-metrics
subnet
tag-count
usage
value
vpc
account resources
aws.account
Filters
Actions
acm resources
aws.acm-certificate
Filters
Actions
apigateway resources
aws.rest-account
Filters
Actions
aws.rest-api
Filters
Actions
aws.rest-resource
Filters
Actions
aws.rest-stage
Filters
Actions
aws.rest-vpclink
Filters
Actions
autoscaling resources
aws.asg
Filters
Actions
aws.launch-config
Filters
Actions
backup resources
aws.backup-plan
Filters
Actions
aws.backup-vault
Filters
Actions
batch resources
aws.batch-compute
Filters
Actions
aws.batch-definition
Filters
Actions
aws.batch-queue
Filters
Actions
clouddirectory resources
aws.cloud-directory
Filters
Actions
cloudformation resources
aws.cfn
Filters
Actions
cloudfront resources
aws.distribution
Filters
Actions
aws.streaming-distribution
Filters
Actions
cloudhsm resources
aws.hsm
Filters
Actions
aws.hsm-client
Filters
Actions
aws.hsm-hapg
Filters
Actions
cloudhsmv2 resources
aws.cloudhsm-cluster
Filters
Actions
cloudsearch resources
aws.cloudsearch
Filters
Actions
cloudtrail resources
aws.cloudtrail
Filters
Actions
cloudwatch resources
aws.alarm
Filters
Actions
aws.insight-rule
Filters
Actions
codeartifact resources
aws.artifact-domain
Filters
Actions
aws.artifact-repo
Filters
Actions
codebuild resources
aws.codebuild
Filters
Actions
codecommit resources
aws.codecommit
Filters
Actions
codepipeline resources
aws.codepipeline
Filters
Actions
cognito-identity resources
aws.identity-pool
Filters
Actions
cognito-idp resources
aws.user-pool
Filters
Actions
config resources
aws.config-recorder
Filters
Actions
aws.config-rule
Filters
Actions
datapipeline resources
aws.datapipeline
Filters
Actions
dax resources
aws.dax
Filters
Actions
directconnect resources
aws.directconnect
Filters
Actions
dlm resources
aws.dlm-policy
Filters
Actions
dms resources
aws.dms-endpoint
Filters
Actions
aws.dms-instance
Filters
Actions
ds resources
aws.directory
Filters
Actions
dynamodb resources
aws.dynamodb-backup
Filters
Actions
aws.dynamodb-table
Filters
Actions
dynamodbstreams resources
aws.dynamodb-stream
Filters
Actions
ec2 resources
aws.ami
Filters
Actions
aws.customer-gateway
Filters
Actions
aws.ebs
Filters
Actions
aws.ebs-snapshot
Filters
Actions
aws.ec2
Filters
Actions
aws.ec2-host
Filters
Actions
aws.ec2-reserved
Filters
Actions
aws.elastic-ip
Filters
Actions
aws.eni
Filters
Actions
aws.internet-gateway
Filters
Actions
aws.key-pair
Filters
Actions
aws.launch-template-version
Filters
Actions
aws.nat-gateway
Filters
Actions
aws.network-acl
Filters
Actions
aws.peering-connection
Filters
Actions
aws.route-table
Filters
Actions
aws.security-group
Filters
Actions
aws.subnet
Filters
Actions
aws.transit-attachment
Filters
Actions
aws.transit-gateway
Filters
Actions
aws.vpc
Filters
Actions
aws.vpc-endpoint
Filters
Actions
aws.vpn-connection
Filters
Actions
aws.vpn-gateway
Filters
Actions
ecr resources
aws.ecr
Filters
Actions
ecs resources
aws.ecs
Filters
Actions
aws.ecs-container-instance
Filters
Actions
aws.ecs-service
Filters
Actions
aws.ecs-task
Filters
Actions
aws.ecs-task-definition
Filters
Actions
efs resources
aws.efs
Filters
Actions
aws.efs-mount-target
Filters
Actions
eks resources
aws.eks
Filters
Actions
elasticache resources
aws.cache-cluster
Filters
Actions
aws.cache-snapshot
Filters
Actions
aws.cache-subnet-group
Filters
Actions
aws.elasticache-group
Filters
Actions
elasticbeanstalk resources
aws.elasticbeanstalk
Filters
Actions
aws.elasticbeanstalk-environment
Filters
Actions
elb resources
aws.elb
Filters
Actions
elbv2 resources
aws.app-elb
Filters
Actions
aws.app-elb-target-group
Filters
Actions
emr resources
aws.emr
Filters
Actions
aws.emr-security-configuration
Filters
Actions
es resources
aws.elasticsearch
Filters
Actions
aws.elasticsearch-reserved
Filters
Actions
events resources
aws.event-rule
Filters
Actions
aws.event-rule-target
Filters
Actions
firehose resources
aws.firehose
Filters
Actions
fsx resources
aws.fsx
Filters
Actions
aws.fsx-backup
Filters
Actions
gamelift resources
aws.gamelift-build
Filters
Actions
aws.gamelift-fleet
Filters
Actions
glacier resources
aws.glacier
Filters
Actions
glue resources
aws.glue-catalog
Filters
Actions
aws.glue-classifier
Filters
Actions
aws.glue-connection
Filters
Actions
aws.glue-crawler
Filters
Actions
aws.glue-database
Filters
Actions
aws.glue-dev-endpoint
Filters
Actions
aws.glue-job
Filters
Actions
aws.glue-ml-transform
Filters
Actions
aws.glue-security-configuration
Filters
Actions
aws.glue-table
Filters
Actions
aws.glue-trigger
Filters
Actions
aws.glue-workflow
Filters
Actions
health resources
aws.health-event
Filters
Actions
iam resources
aws.iam-certificate
Filters
Actions
aws.iam-group
Filters
Actions
aws.iam-oidc-provider
Filters
Actions
aws.iam-policy
Filters
Actions
aws.iam-profile
Filters
Actions
aws.iam-role
Filters
Actions
aws.iam-saml-provider
Filters
Actions
aws.iam-user
Filters
Actions
iot resources
aws.iot
Filters
Actions
kafka resources
aws.kafka
Filters
Actions
kinesis resources
aws.kinesis
Filters
Actions
kinesisanalytics resources
aws.kinesis-analytics
Filters
Actions
kms resources
aws.kms
Filters
Actions
aws.kms-key
Filters
Actions
lambda resources
aws.lambda
Filters
Actions
aws.lambda-layer
Filters
Actions
lightsail resources
aws.lightsail-db
Filters
Actions
aws.lightsail-elb
Filters
Actions
aws.lightsail-instance
Filters
Actions
logs resources
aws.log-group
Filters
Actions
machinelearning resources
aws.ml-model
Filters
Actions
mq resources
aws.message-broker
Filters
Actions
aws.message-config
Filters
Actions
opsworks resources
aws.opswork-stack
Filters
Actions
opsworkscm resources
aws.opswork-cm
Filters
Actions
qldb resources
aws.qldb
Filters
Actions
rds resources
aws.rds
Filters
Actions
aws.rds-cluster
Filters
Actions
aws.rds-cluster-param-group
Filters
Actions
aws.rds-cluster-snapshot
Filters
Actions
aws.rds-param-group
Filters
Actions
aws.rds-reserved
Filters
Actions
aws.rds-snapshot
Filters
Actions
aws.rds-subnet-group
Filters
Actions
aws.rds-subscription
Filters
Actions
redshift resources
aws.redshift
Filters
Actions
aws.redshift-reserved
Filters
Actions
aws.redshift-snapshot
Filters
Actions
aws.redshift-subnet-group
Filters
Actions
route53 resources
aws.healthcheck
Filters
Actions
aws.hostedzone
Filters
Actions
aws.rrset
Filters
Actions
route53domains resources
aws.r53domain
Filters
Actions
s3 resources
aws.s3
Filters
Actions
sagemaker resources
aws.sagemaker-endpoint
Filters
Actions
aws.sagemaker-endpoint-config
Filters
Actions
aws.sagemaker-job
Filters
Actions
aws.sagemaker-model
Filters
Actions
aws.sagemaker-notebook
Filters
Actions
aws.sagemaker-transform-job
Filters
Actions
sdb resources
aws.simpledb
Filters
Actions
secretsmanager resources
aws.secrets-manager
Filters
Actions
serverlessrepo resources
aws.serverless-app
Filters
Actions
servicecatalog resources
aws.catalog-portfolio
Filters
Actions
shield resources
aws.shield-attack
Filters
Actions
aws.shield-protection
Filters
Actions
snowball resources
aws.snowball
Filters
Actions
aws.snowball-cluster
Filters
Actions
sns resources
aws.sns
Filters
Actions
aws.sns-subscription
Filters
Actions
sqs resources
aws.sqs
Filters
Actions
ssm resources
aws.ops-item
Filters
Actions
aws.ssm-activation
Filters
Actions
aws.ssm-managed-instance
Filters
Actions
aws.ssm-parameter
Filters
Actions
stepfunctions resources
aws.step-machine
Filters
Actions
storagegateway resources
aws.storage-gateway
Filters
Actions
support resources
aws.support-case
Filters
Actions
waf resources
aws.waf
Filters
Actions
waf-regional resources
aws.waf-regional
Filters
Actions
workspaces resources
aws.workspaces
Filters
Actions
Azure
Getting Started
Install Cloud Custodian and Azure Plugin
Install latest from the repository to virtual Python environment
Linux and Mac OS
Windows (CMD/PowerShell)
Write your first policy
Run your policy
(Optional) Run your policy with Azure Monitoring
View policy results
Custodian Report
Next Steps
Configuring Azure Policies
Authentication & Access
Azure CLI
Service Principal
Azure Portal
Azure CLI
c7n-org
Access Token
Managed Service Identity
Azure Key Vault Integration
Azure Storage access
Logging, Metrics and Output
Writing Custodian Logs to Azure App Insights
Writing Custodian Metrics to Azure App Insights
Writing Custodian Output to Azure Blob Storage
Authentication to Storage
Hosting Options
Azure Functions Hosting
Overview
Azure Modes
Provision Options
Authentication Options
Execution Options
Event Grid Functions
Management Groups Support
Azure Container Hosting
Overview
Supported Policy Modes
Configuration
Running Locally
Deployment Options
Tutorial - ACI Deployment
1. Create a Resource Group
2. Create a Storage Account
3. Create a Managed Identity
4. Create an Application Insights Instance
5. Create the ACI Container Host
6. Upload a Custodian Policy
Tutorial - Helm Deployment
1. Create a Resource Group
2. Create a Storage Account
3. Create a Service Principal
4. Create an Application Insights Instance
5. Create an AKS Cluster and Install Tiller
6. Deploy the Helm Chart
7. Upload a Custodian Policy
Examples
General
Monitor - Filter resources by metrics from Azure Monitor
Resource Groups - Delayed operations
Resource Groups - Delete or report on orphan resources (NICs, Disks, Public IPs)
Resource Groups - Remove empty Resource Groups
Tags - Add tag to Virtual Machines
Tags - Automatically tag the creator of a resource or resource group
Tags - Remove tag From Virtual Machines
Tags - Trim tags From Virtual Machines
Resource Group - Generate a Teams Message on Create
Compute
App Services - Filter By CORS Configuration
App Service - Resize All Application Service Plans
Resource Groups - Delete or report on orphan resources (NICs, Disks, Public IPs)
Tags - Add tag to Virtual Machines
Tags - Remove tag From Virtual Machines
Tags - Trim tags From Virtual Machines
Virtual Machines - Find Stopped Virtual Machines
Virtual Machines - Find Virtual Machines with public IP address
Databases
Cosmos DB Collections - Resize Throughput with On/Off Hours
SQL - Find databases with specific retention options
SQL - Update SQL Database retention policies
SQL - Find all SQL Databases with Premium SKU
Storage - Add storage firewall rules
Storage - Block public access
Identity
Tags - Automatically tag the creator of a resource or resource group
Networking
Firewall - Update CosmosDB Rules
Firewall - Filter Storage Accounts By Rules
Load Balancer - Filter load balancer by front end public ip
Network Security Groups - Deny access to Network Security Group
Resource Groups - Delete or report on orphan resources (NICs, Disks, Public IPs)
Routes - Find route tables with a specific subnet
Storage - Add storage firewall rules
Storage - Block public access
Virtual Machines - Find Virtual Machines with public IP address
Notifications
Email - Use Azure Logic Apps to notify users of policy violations
Create and configure Azure Logic App
Author Cloud Custodian policy
Test the policy
Email - Send Users an Email
Resource Group - Generate a Teams Message on Create
Advanced Usage
Running against multiple subscriptions
Azure Policy Comparison
Examples
Developer Guide
Adding New Azure Resources
Install Azure Dependencies
Create New Azure Resource
Load New Azure Resource
Testing
Test framework
ARM templates
Cassettes
Running tests
Azure Reference
Azure Execution Modes
pull
azure-event-grid
azure-periodic
container-event
container-periodic
Azure Common Actions
auto-tag-date
auto-tag-user
delete
lock
logic-app
mark-for-op
notify
resize-plan
set-public-access
tag
tag-trim
untag
webhook
Azure Common Filters
active-key-name
auto-regenerate-key
configuration
cost
diagnostic-settings
event
firewall-rules
instance-view
marked-for-op
metric
offer
offhour
onhour
parent
policy-compliant
reduce
regeneration-period
resource-lock
storage-diagnostic-settings
value
AI + Machine Learning resources
azure.cognitiveservice
Filters
Actions
azure.databricks
Filters
Actions
azure.search
Filters
Actions
Active Directory resources
azure.roleassignment
Filters
Actions
azure.roledefinition
Filters
Actions
Analytics resources
azure.datafactory
Filters
Actions
azure.hdinsight
Filters
Actions
Compute resources
azure.aks
Filters
Actions
azure.appserviceplan
Filters
Actions
azure.batch
Filters
Actions
azure.image
Filters
Actions
azure.vm
Filters
Actions
azure.vmss
Filters
Actions
azure.webapp
Filters
Actions
Containers resources
azure.aks
Filters
Actions
azure.container-group
Filters
Actions
azure.containerregistry
Filters
Actions
azure.containerservice
Filters
Actions
Cost resources
azure.cost-management-export
Filters
Actions
Databases resources
azure.cosmosdb
Filters
Actions
azure.cosmosdb-collection
Filters
Actions
azure.cosmosdb-database
Filters
Actions
azure.postgresql-database
Filters
Actions
azure.postgresql-server
Filters
Actions
azure.redis
Filters
Actions
azure.sql-database
Filters
Actions
azure.sql-server
Filters
Actions
Events resources
azure.eventhub
Filters
Actions
azure.eventsubscription
Filters
Actions
Generic resources
azure.armresource
Filters
Actions
azure.policyassignments
Filters
Actions
Integration resources
azure.api-management
Filters
Actions
Internet Of Things resources
azure.iothub
Filters
Actions
Media resources
azure.cdnprofile
Filters
Actions
Networking resources
azure.dnszone
Filters
Actions
azure.loadbalancer
Filters
Actions
azure.networkinterface
Filters
Actions
azure.networksecuritygroup
Filters
Actions
azure.publicip
Filters
Actions
azure.recordset
Filters
Actions
azure.routetable
Filters
Actions
azure.vnet
Filters
Actions
Resource Group resources
azure.resourcegroup
Filters
Actions
Security resources
azure.keyvault
Filters
Actions
azure.keyvault-certificate
Filters
Actions
azure.keyvault-key
Filters
Actions
azure.keyvault-storage
Filters
Actions
Storage resources
azure.datalake
Filters
Actions
azure.disk
Filters
Actions
azure.storage
Filters
Actions
azure.storage-container
Filters
Actions
Subscription resources
azure.policyassignments
Filters
Actions
azure.resourcegroup
Filters
Actions
azure.subscription
Filters
Actions
Web resources
azure.appserviceplan
Filters
Actions
azure.webapp
Filters
Actions
GCP
Getting Started (Beta)
Install GCP Plugin
Option 1: Install released packages to local Python Environment
Option 2: Install latest from the repository
Connect Your Authentication Credentials
GCP CLI
Environment Variables
Write Your First Policy
Run Your Policy
Examples
App Engine - Check if an SSL Certificate is About to Expire
App Engine - Check if a blacklisted domain is still in use
App Engine - Check if a Firewall Rule is in Place
Dataflow - Check for Hanged Jobs
Deployment Manager - Find expired deployments
DNS - Notify if DNS Managed Zone has no DNSSEC
DNS - Notify if Logging is Disabled in DNS Policy
Compute Engine - Enforce minimal CPU utilization target for autoscalers
Compute Engine - Delete Instance Templates with Wrong Settings
Key Management System - Audit Crypto Key protection level
Load Balancer - Delete backend buckets
Load Balancer - Network Tiers
Load Balancer - SSL Policies - Delete policies by TLS version
Pub/Sub - Early Detection of Obsolete Snapshots
Pub/Sub - Audit Subscriptions to Match Requirements
Spanner - Drop Databases
Spanner - Reduce Count of Instance Nodes
Spanner - Set IAM Policies
Cloud SQL - List Unsucessful Backups Older Than N Days
Cloud SQL - Check Regions of Instances and Their State
Cloud SQL - Notify on Certificates Which Are About to Expire
Cloud SQL - Check Users
Policies
Generic Actions
Notify
Load Balancer
Developer Guide
Adding New GCP Resources
Create New GCP Resource
Load New GCP Resource
Testing
Updating Existing Tests
GCP Reference
GCP Execution Modes
pull
gcp-audit
gcp-periodic
GCP Common Actions
notify
post-finding
set-iam-policy
webhook
GCP Common Filters
event
offhour
onhour
reduce
value
appengine resources
gcp.app-engine
Filters
Actions
gcp.app-engine-certificate
Filters
Actions
gcp.app-engine-domain
Filters
Actions
gcp.app-engine-domain-mapping
Filters
Actions
gcp.app-engine-firewall-ingress-rule
Filters
Actions
bigquery resources
gcp.bq-dataset
Filters
Actions
gcp.bq-job
Filters
Actions
gcp.bq-table
Filters
Actions
cloudbilling resources
gcp.cloudbilling-account
Filters
Actions
cloudbuild resources
gcp.build
Filters
Actions
cloudfunctions resources
gcp.function
Filters
Actions
cloudkms resources
gcp.kms-cryptokey
Filters
Actions
gcp.kms-cryptokey-version
Filters
Actions
gcp.kms-keyring
Filters
Actions
cloudresourcemanager resources
gcp.folder
Filters
Actions
gcp.organization
Filters
Actions
gcp.project
Filters
Actions
compute resources
gcp.autoscaler
Filters
Actions
gcp.disk
Filters
Actions
gcp.firewall
Filters
Actions
gcp.image
Filters
Actions
gcp.instance
Filters
Actions
gcp.instance-template
Filters
Actions
gcp.interconnect
Filters
Actions
gcp.interconnect-attachment
Filters
Actions
gcp.loadbalancer-address
Filters
Actions
gcp.loadbalancer-backend-bucket
Filters
Actions
gcp.loadbalancer-backend-service
Filters
Actions
gcp.loadbalancer-forwarding-rule
Filters
Actions
gcp.loadbalancer-global-address
Filters
Actions
gcp.loadbalancer-global-forwarding-rule
Filters
Actions
gcp.loadbalancer-health-check
Filters
Actions
gcp.loadbalancer-http-health-check
Filters
Actions
gcp.loadbalancer-https-health-check
Filters
Actions
gcp.loadbalancer-ssl-certificate
Filters
Actions
gcp.loadbalancer-ssl-policy
Filters
Actions
gcp.loadbalancer-target-http-proxy
Filters
Actions
gcp.loadbalancer-target-https-proxy
Filters
Actions
gcp.loadbalancer-target-instance
Filters
Actions
gcp.loadbalancer-target-pool
Filters
Actions
gcp.loadbalancer-target-ssl-proxy
Filters
Actions
gcp.loadbalancer-target-tcp-proxy
Filters
Actions
gcp.loadbalancer-url-map
Filters
Actions
gcp.route
Filters
Actions
gcp.router
Filters
Actions
gcp.snapshot
Filters
Actions
gcp.subnet
Filters
Actions
gcp.vpc
Filters
Actions
container resources
gcp.gke-cluster
Filters
Actions
gcp.gke-nodepool
Filters
Actions
dataflow resources
gcp.dataflow-job
Filters
Actions
deploymentmanager resources
gcp.dm-deployment
Filters
Actions
dns resources
gcp.dns-managed-zone
Filters
Actions
gcp.dns-policy
Filters
Actions
iam resources
gcp.iam-role
Filters
Actions
gcp.project-role
Filters
Actions
gcp.service-account
Filters
Actions
logging resources
gcp.log-exclusion
Filters
Actions
gcp.log-project-metric
Filters
Actions
gcp.log-project-sink
Filters
Actions
ml resources
gcp.ml-job
Filters
Actions
gcp.ml-model
Filters
Actions
pubsub resources
gcp.pubsub-snapshot
Filters
Actions
gcp.pubsub-subscription
Filters
Actions
gcp.pubsub-topic
Filters
Actions
servicemanagement resources
gcp.service
Filters
Actions
sourcerepo resources
gcp.sourcerepo
Filters
Actions
spanner resources
gcp.spanner-database-instance
Filters
Actions
gcp.spanner-instance
Filters
Actions
sqladmin resources
gcp.sql-backup-run
Filters
Actions
gcp.sql-instance
Filters
Actions
gcp.sql-ssl-cert
Filters
Actions
gcp.sql-user
Filters
Actions
storage resources
gcp.bucket
Filters
Actions
Tools
c7n-org: Multi Account Custodian Execution
Installation
Config File Generation
Running a Policy with c7n-org
Selecting accounts and policy for execution
Defining and using variables
Other commands
Additional Azure Instructions
cask: easy custodian exec via docker
Install
Run
Build
c7n-mailer: Custodian Mailer
Message Relay
Tutorial
Email:
DataDog:
Slack:
Splunk HTTP Event Collector (HEC)
Now run:
Usage & Configuration
Standard Lambda Function Config
Standard Azure Functions Config
Mailer Infrastructure Config
SMTP Config
DataDog Config
Slack Config
SendGrid Config
Splunk HEC Config
SDK Config
Secured String
AWS
Azure
Configuring a policy to send email
Using on Azure
Deploying Azure Functions
Configuring Function Identity
Writing an email template
Developer Install (OS X El Capitan)
Testing Templates and Recipients
Testing Templates for Azure
c7n-log-exporter: Cloud watch log exporter automation
Features
Assumptions
Cli usage
Config format
Multiple accounts via cli
Serverless Usage
c7n-trailcreator: Retroactive Resource Creator Tagging
Install
Config File
Athena Usage
Tagging
Multi Account / Multi Region
c7n-policystream: Policy Changes from Git
Install
Build
Usage
Options
OmniSSM - EC2 Systems Manager Automation
Client Configuration
Links
Todo
c7n-guardian: Automated multi-account Guard Duty setup
Accounts Credentials
Using custodian policies for remediation
c7n-salactus: Distributed Scale out S3 processing
Use Cases
Usage
Sample Configuration
Contributing
Contributing to Cloud Custodian
Developer install
Issues
Contributor agreement
Developer Guide
Installing for Developers
Installing Prerequisites
Install Python 3
On Ubuntu
On macOS with Homebrew
Basic Python Tools
Installing Custodian
Testing for Developers
Running tests
Operating System Compatibility
Writing Tests for Cloud Controlled Resources
Creating Cloud Resources with Terraform
Recording Custodian Interactions
Controlling Resource Cleanup
Converting older functional tests
Documentation For Developers
Find the Documentation
Edit the Documentation
Render the Documentation
Packaging Custodian
Usage
Caveats
Cloud Custodian
Docs
»
GCP Reference
»
servicemanagement resources
Next
Previous
servicemanagement resources
ΒΆ
gcp.service