from dateutil.parser import parse as parse_date
from dateutil.tz import tzutc

from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema

from c7n.resources.iam import CredentialReport

# Module-level registries that the Account class below assigns to its
# filter_registry / action_registry attributes.
# NOTE(review): the registry name strings look swapped -- the FilterRegistry is
# named 'aws.account.actions' and the ActionRegistry 'aws.account.filters'.
# Confirm how the name is consumed before correcting it.
filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')

# Add the imported Missing filter class under the key 'missing'.
filters.register('missing', Missing)


def get_account(session_factory, config):
    """Return the account id and first IAM account alias as a dict.

    The id is taken from ``config.account_id``. The name is the first entry
    of the IAM ``list_account_aliases`` response, or an empty string when no
    non-empty alias is returned.

    NOTE(review): the alias is a display label an account administrator can
    change; match on ``account_id`` rather than ``account_name`` wherever the
    result feeds an access or policy decision.
    """
    iam = local_session(session_factory).client('iam')
    response = iam.list_account_aliases()
    alias_list = response.get('AccountAliases', ('', ))
    account_name = ""
    if alias_list and alias_list[0]:
        account_name = alias_list[0]
    return {'account_id': config.account_id, 'account_name': account_name}


@resources.register('account')
class Account(ResourceManager):

    filter_registry = filters
    action_registry = actions
Beispiel #2
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry

from c7n.manager import ResourceManager, resources
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG
from c7n.utils import local_session, query_instances, type_schema

# Module logger plus the filter/action registries that the ASG class below
# assigns to filter_registry / action_registry.
log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')


# Each register() call adds an imported filter class under a string key.
filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('marked-for-op', TagActionFilter)


@resources.register('asg')
class ASG(ResourceManager):

    filter_registry = filters
    action_registry = actions
    
    def resources(self):
        c = self.session_factory().client('autoscaling')
        query = self.resource_query()
        if self._cache.load():
Beispiel #3
from c7n.filters import (
    FilterRegistry, ValueFilter, DefaultVpcBase, AgeFilter, OPERATORS)
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    type_schema, local_session, chunks, generate_arn, get_retry,
    get_account_id, snapshot_identifier)

# Module logger plus the filter/action registries that the Redshift class
# below assigns to filter_registry / action_registry.
log = logging.getLogger('custodian.redshift')

filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
# Add tags.TagActionFilter to the filter registry under 'marked-for-op'.
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('redshift')
class Redshift(QueryResourceManager):

    resource_type = "aws.redshift.cluster"
    filter_registry = filters
    action_registry = actions
    retry = staticmethod(get_retry(('Throttling',)))

    _generate_arn = _account_id = None

    @property
    def account_id(self):
        if self._account_id is None:
Beispiel #4
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    local_session, type_schema,
    get_retry, chunks, generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

# Module logger and the filter/action registries for the rds module.
log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each register() call adds a class to a registry under a string key;
# three go to the filter registry and one to the action registry.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """

    class resource_type(object):
        service = 'rds'
        type = 'db'
        enum_spec = ('describe_db_instances', 'DBInstances', None)
        id = 'DBInstanceIdentifier'
Beispiel #5
from c7n.query import QueryResourceManager, ResourceQuery
from c7n.tags import RemoveTag, Tag, TagActionFilter, TagDelayedAction
from c7n.utils import (
    chunks, local_session, set_annotation, type_schema, dumps, get_account_id)

"""
TODO:
 - How does replication status effect in place encryption.
 - Test glacier support
"""

# Module logger and the filter/action registries for the s3 module.
log = logging.getLogger('custodian.s3')

filters = FilterRegistry('s3.filters')
actions = ActionRegistry('s3.actions')
# Add one filter class and one action class under string keys.
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)

# 2 * 1024**3 = 2147483648; presumably a byte count (2 GiB) -- confirm
# against the code that reads this constant.
MAX_COPY_SIZE = 1024 * 1024 * 1024 * 2


@resources.register('s3')
class S3(QueryResourceManager):

    #resource_type = "aws.s3.bucket"

    class resource_type(ResourceQuery.resolve("aws.s3.bucket")):
        dimension = 'BucketName'

    executor_factory = executor.ThreadPoolExecutor
    filter_registry = filters
Beispiel #6
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, REGION_PARTITION_MAP

from c7n.resources.shield import IsShieldProtected, SetShieldProtection

# Module logger and the filter/action registries for the elb module.
log = logging.getLogger('custodian.elb')

filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each register() call adds a filter class under a string key.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)


@resources.register('elb')
class ELB(QueryResourceManager):

    class resource_type(object):
        service = 'elb'
        resource_type = 'elasticloadbalancing:loadbalancer'
        type = 'loadbalancer'
        enum_spec = ('describe_load_balancers',
                     'LoadBalancerDescriptions', None)
        detail_spec = None
Beispiel #7
        group_ids = set()
        for r in resources:
            group_ids.update(
                [s['SubnetIdentifier'] for s in
                 self.groups[r['CacheSubnetGroupName']]['Subnets']])
        return group_ids

    def process(self, resources, event=None):
        """Index cache subnet groups by name, then run the parent filter.

        ``self.groups`` is rebuilt on every call from the
        'cache-subnet-group' resource manager, keyed by each group's
        ``CacheSubnetGroupName``, before delegating to the superclass.
        """
        subnet_group_manager = self.manager.get_resource_manager(
            'cache-subnet-group')
        groups_by_name = {}
        for subnet_group in subnet_group_manager.resources():
            groups_by_name[subnet_group['CacheSubnetGroupName']] = subnet_group
        self.groups = groups_by_name
        return super(SubnetFilter, self).process(resources, event)


# Add net_filters.NetworkLocation to the filter registry under the key
# 'network-location'.
filters.register('network-location', net_filters.NetworkLocation)


@actions.register('delete')
class DeleteElastiCacheCluster(BaseAction):
    """Action to delete an elasticache cluster

    To prevent unwanted deletion of elasticache clusters, it is recommended
    to include a filter

    :example:

        .. code-block: yaml

            policies:
              - name: elasticache-delete-stale-clusters
Beispiel #8
from c7n.filters import (FilterRegistry, ValueFilter, AgeFilter, Filter,
                         FilterValidationError, OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (local_session, type_schema, chunks, get_retry, worker)

# Module logger and the filter/action registries for the asg module.
log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each register() call adds a class to a registry under a string key;
# four go to the filter registry and one to the action registry.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):
    class resource_type(object):
        service = 'autoscaling'
        type = 'autoScalingGroup'
        id = name = 'AutoScalingGroupName'
        date = 'CreatedTime'
        dimension = 'AutoScalingGroupName'
        enum_spec = ('describe_auto_scaling_groups', 'AutoScalingGroups', None)
Beispiel #9
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, query_instances, type_schema, chunks, get_retry, worker)

# Module logger and the filter/action registries for the asg module.
log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each register() call adds a class to a registry under a string key;
# four go to the filter registry and one to the action registry.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):

    resource_type = "aws.autoscaling.autoScalingGroup"
    id_field = 'AutoScalingGroupName'
    report_fields = [
        'AutoScalingGroupName',
        'count:Instances',
        'tag:ASV',
Beispiel #10
                         OPERATORS, DefaultVpcBase)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema

# Filter/action registries for the ec2 module.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Add one action class and one filter class under string keys.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):
    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'
        dimension = 'InstanceId'
Beispiel #11
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema


# Filter/action registries for the ec2 module.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Add one action class and one filter class under string keys.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):

    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'
Beispiel #12
from botocore.exceptions import ClientError

from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import Filter, FilterRegistry, FilterValidationError
from c7n.tags import (TagCountFilter, TagActionFilter, TagDelayedAction as
                      _TagDelayedAction)
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, chunks, type_schema

# Module logger plus the filter/action registries that the ELB class below
# assigns to filter_registry / action_registry.
log = logging.getLogger('custodian.elb')

filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each register() call adds an imported filter class under a string key.
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)


@resources.register('elb')
class ELB(ResourceManager):

    filter_registry = filters
    action_registry = actions

    def resources(self):
        if self._cache.load():
            elbs = self._cache.get({
                'region': self.config.region,
                'resource': 'elb'
            })
Beispiel #13
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    local_session, type_schema,
    get_retry, chunks, generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

# Module logger and the filter/action registries for the rds module.
log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each register() call adds a class to a registry under a string key;
# three go to the filter registry and one to the action registry.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """

    class resource_type(object):
        service = 'rds'
        type = 'db'
        enum_spec = ('describe_db_instances', 'DBInstances', None)
        id = 'DBInstanceIdentifier'
Beispiel #14
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry, Filter, AgeFilter
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import local_session, type_schema, get_account_id, chunks

from skew.resources.aws import rds

# Module logger plus the filter/action registries that the RDS class below
# assigns to filter_registry / action_registry.
log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each register() call adds a filter class from c7n.tags under a string key.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('rds')
class RDS(QueryResourceManager):

    class resource_type(rds.DBInstance.Meta):
        filter_name = 'DBInstanceIdentifier'

    filter_registry = filters
    action_registry = actions
    account_id = None

    def augment(self, resources):
        session = local_session(self.session_factory)
Beispiel #15
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, type_schema, chunks, get_retry, worker)

# Module logger and the filter/action registries for the asg module.
log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each register() call adds a class to a registry under a string key;
# four go to the filter registry and one to the action registry.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):

    class resource_type(object):
        service = 'autoscaling'
        type = 'autoScalingGroup'
        id = name = 'AutoScalingGroupName'
        date = 'CreatedTime'
        dimension = 'AutoScalingGroupName'
Beispiel #16
from c7n.actions import ActionRegistry, BaseAction, AutoTagUser
from c7n.filters import (FilterRegistry, ValueFilter, AgeFilter, Filter,
                         FilterValidationError, OPERATORS)

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import local_session, query_instances, type_schema, chunks

# Module logger plus the filter/action registries that the ASG class below
# assigns to filter_registry / action_registry.
log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each register() call adds an imported class to a registry under a string
# key; five go to the filter registry and one to the action registry.
filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):

    resource_type = "aws.autoscaling.autoScalingGroup"
    filter_registry = filters
    action_registry = actions

Beispiel #17
from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema

from c7n.resources.iam import CredentialReport


# Module-level filter/action registries for the account module.
# NOTE(review): the registry name strings look swapped -- the FilterRegistry is
# named 'aws.account.actions' and the ActionRegistry 'aws.account.filters'.
# Confirm how the name is consumed before correcting it.
filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')


# Add the imported Missing filter class under the key 'missing'.
filters.register('missing', Missing)


def get_account(session_factory, config):
    """Return the account id and first IAM account alias as a dict.

    The id is taken from ``config.account_id``. The name is the first entry
    of the IAM ``list_account_aliases`` response, or an empty string when no
    non-empty alias is returned.

    NOTE(review): the alias is a display label an account administrator can
    change; match on ``account_id`` rather than ``account_name`` wherever the
    result feeds an access or policy decision.
    """
    iam = local_session(session_factory).client('iam')
    response = iam.list_account_aliases()
    alias_list = response.get('AccountAliases', ('',))
    account_name = ""
    if alias_list and alias_list[0]:
        account_name = alias_list[0]
    return {'account_id': config.account_id, 'account_name': account_name}


@resources.register('account')
class Account(ResourceManager):
Beispiel #18
from c7n.actions import ActionRegistry, BaseAction, ModifyVpcSecurityGroupsAction
from c7n.filters import (FilterRegistry, ValueFilter, DefaultVpcBase,
                         AgeFilter, OPERATORS)
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (type_schema, local_session, chunks, generate_arn,
                       get_retry, snapshot_identifier)

# Module logger and the filter/action registries for the redshift module.
log = logging.getLogger('custodian.redshift')

filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
# Add tags.TagActionFilter to the filter registry under 'marked-for-op'.
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('redshift')
class Redshift(QueryResourceManager):
    class resource_type(object):
        service = 'redshift'
        type = 'cluster'
        enum_spec = ('describe_clusters', 'Clusters', None)
        detail_spec = None
        name = id = 'ClusterIdentifier'
        filter_name = 'ClusterIdentifier'
        filter_type = 'scalar'
        date = 'ClusterCreateTime'
        dimension = 'ClusterIdentifier'
        config_type = "AWS::Redshift::Cluster"
Beispiel #19
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (local_session, type_schema, get_retry, chunks,
                       generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

# Module logger and the filter/action registries for the rds module.
log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each register() call adds a class to a registry under a string key;
# three go to the filter registry and one to the action registry.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """
    class resource_type(object):
        service = 'rds'
        type = 'db'
        enum_spec = ('describe_db_instances', 'DBInstances', None)
        id = 'DBInstanceIdentifier'
        name = 'Endpoint.Address'
Beispiel #20
    CrossAccountAccessFilter)
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.resolver import ValuesFrom
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    type_schema, local_session, chunks, generate_arn, get_retry,
    snapshot_identifier)

# Module logger and the filter/action registries for the redshift module.
log = logging.getLogger('custodian.redshift')

filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
# Add tags.TagActionFilter to the filter registry under 'marked-for-op'.
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('redshift')
class Redshift(QueryResourceManager):

    class resource_type(object):
        service = 'redshift'
        type = 'cluster'
        enum_spec = ('describe_clusters', 'Clusters', None)
        detail_spec = None
        name = id = 'ClusterIdentifier'
        filter_name = 'ClusterIdentifier'
        filter_type = 'scalar'
        date = 'ClusterCreateTime'
        dimension = 'ClusterIdentifier'
Beispiel #21
            group_ids.update([
                s['SubnetIdentifier']
                for s in self.groups[r['CacheSubnetGroupName']]['Subnets']
            ])
        return group_ids

    def process(self, resources, event=None):
        """Index cache subnet groups by name, then run the parent filter.

        ``self.groups`` is rebuilt on every call from the
        'cache-subnet-group' resource manager, keyed by each group's
        ``CacheSubnetGroupName``, before delegating to the superclass.
        """
        subnet_group_manager = self.manager.get_resource_manager(
            'cache-subnet-group')
        groups_by_name = {}
        for subnet_group in subnet_group_manager.resources():
            groups_by_name[subnet_group['CacheSubnetGroupName']] = subnet_group
        self.groups = groups_by_name
        return super(SubnetFilter, self).process(resources, event)


# Add net_filters.NetworkLocation to the filter registry under the key
# 'network-location'.
filters.register('network-location', net_filters.NetworkLocation)


@actions.register('delete')
class DeleteElastiCacheCluster(BaseAction):
    """Action to delete an elasticache cluster

    To prevent unwanted deletion of elasticache clusters, it is recommended
    to include a filter

    :example:

    .. code-block:: yaml

            policies:
              - name: elasticache-delete-stale-clusters
Beispiel #22
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, worker

from c7n.resources.shield import IsShieldProtected, SetShieldProtection

# Module logger and the filter/action registries for the elb module.
log = logging.getLogger('custodian.elb')

filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each register() call adds a filter class under a string key.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)


@resources.register('elb')
class ELB(QueryResourceManager):
    class resource_type(object):
        service = 'elb'
        resource_type = 'elasticloadbalancing:loadbalancer'
        type = 'loadbalancer'
        enum_spec = ('describe_load_balancers', 'LoadBalancerDescriptions',
                     None)
        detail_spec = None
        id = 'LoadBalancerName'
Beispiel #23
                         OPERATORS, DefaultVpcBase)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema

# Filter/action registries for the ec2 module.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Add one action class and one filter class under string keys.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):
    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'
        dimension = 'InstanceId'
Beispiel #24
from botocore.exceptions import ClientError
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n import tags
from c7n.utils import get_retry, local_session, type_schema
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry

# Module logger and the registries for Elastic Beanstalk environment filters
# and actions (note the 'elasticbeanstalk-environment.*' registry names).
log = logging.getLogger('custodian.elasticbeanstalk')

env_filters = FilterRegistry('elasticbeanstalk-environment.filters')
env_actions = ActionRegistry('elasticbeanstalk-environment.actions')

# Each register() call adds a filter class from c7n.tags under a string key.
env_filters.register('tag-count', tags.TagCountFilter)
env_filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('elasticbeanstalk')
class ElasticBeanstalk(QueryResourceManager):
    class resource_type(object):
        service = 'elasticbeanstalk'
        enum_spec = ('describe_applications', 'Applications', None)
        name = "ApplicationName"
        id = "ApplicationName"
        dimension = None
        default_report_fields = ('ApplicationName', 'DateCreated',
                                 'DateUpdated')
        filter_name = 'ApplicationNames'
        filter_type = 'list'
Beispiel #25
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema


# Filter/action registries for the ec2 module.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Add one action class and one filter class under string keys.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):

    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'