Cloud Custodian

Use Cases

These use cases provide examples of specific policies for individual AWS modules.

  • Account - Login From Invalid IP Address
  • Account - Detect Root Logins
  • Account - Service Limit
  • AMI - Stop EC2 using Unapproved AMIs
  • AutoScaling Group - Verify ASGs have valid configurations
  • ASG - Offhours Support
  • Block New Resources In Non-Standard Regions
  • DMS - DB Migration Service Endpoint - Enforce SSL
  • EBS - Garbage Collect Unattached Volumes
  • EBS - Create and Manage Snapshots
  • EBS - Delete Unencrypted
  • EC2 - auto-tag aws userName on resources
  • EC2 - Offhours Support
  • EC2 - Old Instance Report
  • EC2 - Power On For Scheduled Patching
  • EC2 - Terminate Unpatchable Instances
  • ELB - Delete New Internet-Facing ELBs
  • ELB - Delete Unused Elastic Load Balancers
  • ELB - SSL Blacklist
  • ELB - SSL Whitelist
  • IAM - Manage Whether A Specific IAM Policy is Attached to Roles
  • Lambda - Notify On Lambda Errors
  • Example offhours policy
  • RDS - Delete Unused Databases With No Connections
  • RDS - Terminate Unencrypted Public Instances
  • S3 - Configure New Buckets Settings and Standards
  • S3 - Block Public S3 Object ACLs
  • S3 - Encryption
  • S3 - Global Grants
  • SageMaker Notebook - Delete Public or Unencrypted
  • Security Groups - Detect and Remediate Violations
  • Tag Compliance Across Resources (EC2, ASG, ELB, S3, etc)
  • VPC - Flow Log Configuration Check
  • VPC - Notify On Invalid External Peering Connections

© Copyright 2017, Capital One Services, LLC
