Tencent Cloud Common Filters

Filters

check-permissions

CheckPermissions

example

policies:
- name: cam-policy-check-permissions
  resource: tencentcloud.cam-policy
  filters:
  - type: check-permissions
    match: allowed
    actions:
    - cos:GetBucket
    match-operator: or
properties:
  actions:
    items:
      type: string
    type: array
  match:
    oneOf:
    - enum:
      - allowed
      - denied
    - $ref: '#/definitions/filters/valuekv'
    - $ref: '#/definitions/filters/value'
  match-operator:
    enum:
    - and
    - or
  type:
    enum:
    - check-permissions
required:
- actions
- match

event

Filter a resource based on an event.

properties:
  default:
    type: object
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - event
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
required:
- type

marked-for-op

TagActionFilter

properties:
  op:
    type: string
  skew:
    minimum: 0
    type: number
  skew_hours:
    minimum: 0
    type: number
  tag:
    type: string
  type:
    enum:
    - marked-for-op
required:
- type

metrics

Supports metrics filters on resources.

Docs on cloud monitor metrics https://www.tencentcloud.com/document/product/248

example

policies:
  - name: cvm-underutilized
    resource: tencentcloud.cvm
    filters:
      - type: metrics
        name: CPUUsage
        days: 3
        period: 3600
        value: 1.5
        statistics: Average
        op: less-than
  - name: clb_metrics_filter
    resource: tencentcloud.clb
    filters:
      - type: metrics
        name: TotalReq
        statistics: Sum
        period: 3600
        days: 30
        value: 0
        missing-value: 0
        op: eq
properties:
  days:
    type: number
  missing-value:
    type: number
  name:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
    type: string
  period:
    type: number
  statistics:
    enum:
    - Average
    - Sum
    - Maximum
    - Minimum
    type: string
  type:
    enum:
    - metrics
  value:
    type: number
required:
- value
- name

reduce

Generic reduce filter to group, sort, and limit your resources.

This example will select the longest running instance from each ASG, then randomly choose 10% of those, maxing at 15 total instances.

example

- name: oldest-instance-by-asg
  resource: ec2
  filters:
    - "tag:aws:autoscaling:groupName": present
    - type: reduce
      group-by: "tag:aws:autoscaling:groupName"
      sort-by: "LaunchTime"
      order: asc
      limit: 1

Or you might want to randomly select a 10 percent of your resources, but no more than 15.

example

- name: random-selection
  resource: ec2
  filters:
    - type: reduce
      order: randomize
      limit: 15
      limit-percent: 10
properties:
  discard:
    minimum: 0
    type: number
  discard-percent:
    maximum: 100
    minimum: 0
    type: number
  group-by:
    oneOf:
    - type: string
    - key:
        type: string
      type: object
      value_regex: string
      value_type:
        enum:
        - string
        - number
        - date
  limit:
    minimum: 0
    type: number
  limit-percent:
    maximum: 100
    minimum: 0
    type: number
  null-order:
    enum:
    - first
    - last
  order:
    enum:
    - asc
    - desc
    - reverse
    - randomize
  sort-by:
    oneOf:
    - type: string
    - key:
        type: string
      type: object
      value_regex: string
      value_type:
        enum:
        - string
        - number
        - date
  type:
    enum:
    - reduce
required:
- type

value

Generic value filter using jmespath

properties:
  default:
    type: object
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - value
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
required:
- type