Basic concepts and terms
Cloud Custodian works with the following basic concepts, terms, and relationships between them.
- Policy -
Defined in YAML, a policy specifies a set of filters and actions to take on a given AWS resource type.
- Resource -
Provides for retrieval of a resource of a given type (typically via AWS API) and defines the vocabulary of filters and actions that can be used on those resources (e.g., ASG, S3, EC2, ELBs, etc).
With the addition of more cloud providers, resources should be prefixed with the appropriate provider (e.g. azure.vm, gcp.instance); AWS resources are the exception and do not require an aws. prefix, for backwards compatibility.
- Mode -
Defines how the policy will execute (lambda, config rule, poll, etc). Policies run in pull mode by default.
    mode:
      type: cloudtrail
      events:
        - RunInstances
- Filters -
Given a set of resources, how we filter to the subset that we’re interested in operating on. The filtering language has some default behaviors across resource types, like value filtering with JMESPath expressions against the JSON representation of a resource, as well as specific filters for particular resource types (instance age, tag count, etc).
    filters:
      - "tag:aws:autoscaling:groupName": absent
      - type: ebs
        key: Encrypted
        value: false
        skip-devices:
          - "/dev/sda1"
          - "/dev/xvda"
      - type: event
        key: "detail.userIdentity.sessionContext.sessionIssuer.userName"
        value: "SuperUser"
        op: ne
- Actions -
A verb to use on a given resource, e.g. stop, start, suspend, delete, encrypt, etc.
    actions:
      - type: tag
        key: c7n_status
        value: "Unencrypted EBS! Please recreate with Encryption"
      - type: terminate
        force: true
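The mode, filters, and actions above are fragments of one policy. The following is an added example, not taken from the Cloud Custodian documentation or code base, showing how they fit together in a complete policy file. The policy name, description, the IAM role ARN (account id and role name are placeholders), and the extra `value` filter on `State.Name` are assumptions introduced here to illustrate the JMESPath value filtering mentioned under Filters; the remaining keys are the page's own fragments.

```yaml
policies:
  # Name and description are example values, not from the original page.
  - name: ec2-unencrypted-ebs-terminate
    description: |
      On each RunInstances event, terminate EC2 instances that have
      unencrypted EBS volumes, unless they belong to an autoscaling
      group or were launched by the SuperUser role.
    resource: ec2            # AWS resource: no aws. prefix needed
    mode:
      type: cloudtrail       # runs as a Lambda triggered by CloudTrail
      events:
        - RunInstances
      # Lambda-based modes need an execution role; placeholder ARN.
      role: arn:aws:iam::123456789012:role/CustodianPolicyRole
    filters:
      # Generic value filter: JMESPath key evaluated against the
      # instance JSON returned by the EC2 API (added for illustration).
      - type: value
        key: "State.Name"
        op: in
        value:
          - pending
          - running
      # Resource-specific and event filters from the page:
      - "tag:aws:autoscaling:groupName": absent
      - type: ebs
        key: Encrypted
        value: false
        skip-devices:
          - "/dev/sda1"
          - "/dev/xvda"
      - type: event
        key: "detail.userIdentity.sessionContext.sessionIssuer.userName"
        value: "SuperUser"
        op: ne
    actions:
      - type: tag
        key: c7n_status
        value: "Unencrypted EBS! Please recreate with Encryption"
      - type: terminate
        force: true
```

Filters are evaluated in order and all must match, so the event filter excludes launches by the trusted role before any action is applied. Check the file with `custodian validate policy.yml` and, because `terminate` is destructive, exercise it first with `custodian run --dryrun -s out policy.yml`, which reports the matched resources without taking the actions.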