Basic concepts and terms

Cloud Custodian works with the following basic concepts, terms, and relationships between them.

Policy - c7n.policy
Defined in yaml, specifies a set of filters and actions to take on a given AWS resource type.
Resource - c7n.manager.ResourceManager

Provides for retrieval of a resource of a given type (typically via AWS API) and defines the vocabulary of filters and actions that can be used on those resources (e.g., ASG, S3, EC2, ELBs, etc).

With the addition of more cloud providers, resources should be prefixed with the appropraite provider, except in the case of AWS resources which do not require a aws. prefix for backwards-compatibility (e.g. azure.vm, gcp.instance).

Mode - c7n.policy (yes, policy)
Defines how the policy will execute (lambda, config rule, poll, etc). Policies run in pull mode by default.
mode:
  type: cloudtrail
  events:
    - RunInstances
Filters - c7n.filters
Given a set of resources, how we filter to the subset that we’re interested in operating on. The filtering language has some default behaviors across resource types like value filtering with JMESPath expressions against the JSON representation of a resource, as well as specific filters for particular resources types (instance age, tag count, etc).
filters:
  - "tag:aws:autoscaling:groupName": absent
  - type: ebs
    key: Encrypted
    value: false
    skip-devices:
      - "/dev/sda1"
      - "/dev/xvda"
  - type: event
    key: "detail.userIdentity.sessionContext.sessionIssuer.userName"
    value: "SuperUser"
    op: ne
Actions - c7n.actions
A verb to use on a given resource, i.e. stop, start, suspend, delete, encrypt, etc.
actions:
  - type: tag
    key: c7n_status
    value: "Unencrypted EBS! Please recreate with Encryption"
  - type: terminate
    force: true