class RedshiftSnapshot(QueryResourceManager):
"""Resource manager for Redshift snapshots.
"""
filter_registry = FilterRegistry('redshift-snapshot.filters')
action_registry = ActionRegistry('redshift-snapshot.actions')
filter_registry.register('marked-for-op', tags.TagActionFilter)
_generate_arn = None
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(
generate_arn, 'redshift', region=self.config.region,
account_id=self.account_id, resource_type='snapshot',
separator=':')
return self._generate_arn
class resource_type(object):
service = 'redshift'
type = 'redshift-snapshot'
enum_spec = ('describe_cluster_snapshots', 'Snapshots', None)
name = id = 'SnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
config_type = "AWS::Redshift::ClusterSnapshot"
def __new__(cls, name, parents, attrs):
if 'resource_type' not in attrs:
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
if 'filter_registry' not in attrs:
attrs['filter_registry'] = FilterRegistry(
'%s.filters' % name.lower())
if 'action_registry' not in attrs:
attrs['action_registry'] = ActionRegistry(
'%s.actions' % name.lower())
if attrs['resource_type']:
m = ResourceQuery.resolve(attrs['resource_type'])
# Generic cloud watch metrics support
if m.dimension:
attrs['filter_registry'].register('metrics', MetricsFilter)
# EC2 Service boilerplate ...
if m.service == 'ec2':
# Generic ec2 resource tag support
if getattr(m, 'taggable', True):
register_ec2_tags(
attrs['filter_registry'], attrs['action_registry'])
if getattr(m, 'universal_taggable', False):
compatibility = isinstance(m.universal_taggable, bool) and True or False
register_universal_tags(
attrs['filter_registry'], attrs['action_registry'],
compatibility=compatibility)
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
class ReplicationInstance(QueryResourceManager):
class resource_type(object):
service = 'dms'
type = 'rep'
enum_spec = (
'describe_replication_instances', 'ReplicationInstances', None)
name = id = 'ReplicationInstanceIdentifier'
date = 'InstanceCreateTime'
dimension = None
# The api supports filtering which we handle via describe source.
filter_name = filter_type = None
filters = FilterRegistry('dms-instance.filters')
filters.register('marked-for-op', TagActionFilter)
filter_registry = filters
retry = staticmethod(get_retry(('Throttled',)))
def get_source(self, source_type):
if source_type == 'describe':
return InstanceDescribe(self)
return super(ReplicationInstance, self).get_source(source_type)
def get_arns(self, resources):
return [r['ReplicationInstanceArn'] for r in resources]
def get_tags(self, resources):
client = local_session(self.session_factory).client('dms')
for r in resources:
r['Tags'] = self.manager.retry(
client.list_tags_for_resource(
ResourceArn=r['ReplicationInstanceArn'])['TagList'])
return resources
class ElastiCacheSnapshot(QueryResourceManager):
class resource_type(object):
service = 'elasticache'
type = 'snapshot'
enum_spec = ('describe_snapshots', 'Snapshots', None)
name = id = 'SnapshotName'
filter_name = 'SnapshotName'
filter_type = 'scalar'
date = 'StartTime'
dimension = None
universal_taggable = True
permissions = ('elasticache:ListTagsForResource', )
filter_registry = FilterRegistry('elasticache-snapshot.filters')
action_registry = ActionRegistry('elasticache-snapshot.actions')
_generate_arn = None
retry = staticmethod(get_retry(('Throttled', )))
augment = universal_augment
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(generate_arn,
'elasticache',
region=self.config.region,
account_id=self.account_id,
resource_type='snapshot',
separator=':')
return self._generate_arn
class RestAccount(ResourceManager):
filter_registry = FilterRegistry('rest-account.filters')
action_registry = ActionRegistry('rest-account.actions')
class resource_type(object):
service = 'apigateway'
name = id = 'account_id'
dimensions = None
@classmethod
def get_permissions(cls):
return ('apigateway:GET', )
def get_model(self):
return self.resource_type
def _get_account(self):
client = utils.local_session(self.session_factory).client('apigateway')
try:
account = client.get_account()
except ClientError as e:
if e.response['Error']['Code'] == 'NotFoundException':
return []
account.pop('ResponseMetadata', None)
account['account_id'] = 'apigw-settings'
return [account]
def resources(self):
return self.filter_resources(self._get_account())
def get_resources(self, resource_ids):
return self._get_account()
class GlueDataCatalog(ResourceManager):
filter_registry = FilterRegistry('glue-catalog.filters')
action_registry = ActionRegistry('glue-catalog.actions')
retry = staticmethod(QueryResourceManager.retry)
class resource_type(query.TypeInfo):
service = 'glue'
arn_type = 'catalog'
id = name = 'CatalogId'
@classmethod
def get_permissions(cls):
return ('glue:GetDataCatalogEncryptionSettings',)
@classmethod
def has_arn(cls):
return True
def get_model(self):
return self.resource_type
def _get_catalog_encryption_settings(self):
client = utils.local_session(self.session_factory).client('glue')
settings = client.get_data_catalog_encryption_settings()
settings.pop('ResponseMetadata', None)
return [settings]
def resources(self):
return self.filter_resources(self._get_catalog_encryption_settings())
class SagemakerEndpoint(QueryResourceManager):
class resource_type(object):
service = 'sagemaker'
enum_spec = ('list_endpoints', 'Endpoints', None)
detail_spec = ('describe_endpoint', 'EndpointName', 'EndpointName',
None)
id = 'EndpointArn'
name = 'EndpointName'
date = 'CreationTime'
dimension = None
filter_name = None
filter_registry = FilterRegistry('sagemaker-endpoint.filters')
filter_registry.register('marked-for-op', TagActionFilter)
permissions = ('sagemaker:ListTags', )
def augment(self, endpoints):
client = local_session(self.session_factory).client('sagemaker')
def _augment(e):
tags = client.list_tags(ResourceArn=e['EndpointArn'])['Tags']
e['Tags'] = tags
return e
# Describe endpoints & then list tags
endpoints = super(SagemakerEndpoint, self).augment(endpoints)
with self.executor_factory(max_workers=1) as w:
return list(filter(None, w.map(_augment, endpoints)))
class Snapshot(QueryResourceManager):
class resource_type(object):
service = 'ec2'
type = 'snapshot'
enum_spec = ('describe_snapshots', 'Snapshots', None)
detail_spec = None
id = 'SnapshotId'
filter_name = 'SnapshotIds'
filter_type = 'list'
name = 'SnapshotId'
date = 'StartTime'
dimension = None
default_report_fields = (
'SnapshotId',
'VolumeId',
'tag:InstanceId',
'VolumeSize',
'StartTime',
'State',
)
filter_registry = FilterRegistry('ebs-snapshot.filters')
action_registry = ActionRegistry('ebs-snapshot.actions')
def resources(self, query=None):
query = query or {}
if query.get('OwnerIds') is None:
query['OwnerIds'] = ['self']
return super(Snapshot, self).resources(query=query)
class ElastiCacheSnapshot(QueryResourceManager):
resource_type = 'aws.elasticache.snapshot'
filter_registry = FilterRegistry('elasticache-snapshot.filters')
action_registry = ActionRegistry('elasticache-snapshot.actions')
_generate_arn = _account_id = None
retry = staticmethod(get_retry(('Throttled', )))
@property
def account_id(self):
if self._account_id is None:
session = local_session(self.session_factory)
self._account_id = get_account_id(session)
return self._account_id
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(generate_arn,
'elasticache',
region=self.config.region,
account_id=self.account_id,
resource_type='snapshot',
separator=':')
return self._generate_arn
def augment(self, clusters):
filter(
None,
_elasticache_snapshot_tags(self.get_model(), clusters,
self.session_factory,
self.executor_factory,
self.generate_arn, self.retry))
return clusters
def __new__(cls, name, parents, attrs):
if 'filter_registry' not in attrs:
attrs['filter_registry'] = FilterRegistry('%s.filters' %
name.lower())
if 'action_registry' not in attrs:
attrs['action_registry'] = ActionRegistry('%s.actions' %
name.lower())
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
class PolicyConditions:
filter_registry = FilterRegistry('c7n.policy.filters')
filter_registry.register('and', PolicyConditionAnd)
filter_registry.register('or', PolicyConditionOr)
filter_registry.register('not', PolicyConditionNot)
def __init__(self, policy, data):
self.policy = policy
self.data = data
self.filters = self.data.get('conditions', [])
# used by c7n-org to extend evaluation conditions
self.env_vars = {}
def validate(self):
self.filters.extend(self.convert_deprecated())
self.filters = self.filter_registry.parse(
self.filters, self.policy.resource_manager)
def evaluate(self, event=None):
policy_vars = dict(self.env_vars)
policy_vars.update({
'name': self.policy.name,
'region': self.policy.options.region,
'resource': self.policy.resource_type,
'provider': self.policy.provider_name,
'account_id': self.policy.options.account_id,
'now': datetime.utcnow().replace(tzinfo=tzutil.tzutc()),
'policy': self.policy.data
})
# note for no filters/conditions, this uses all([]) == true property.
state = all([f.process([policy_vars], event) for f in self.filters])
if not state:
self.policy.log.info(
'Skipping policy:%s due to execution conditions', self.policy.name)
return state
def convert_deprecated(self):
filters = []
if 'region' in self.policy.data:
filters.append({'region': self.policy.data['region']})
if 'start' in self.policy.data:
filters.append({
'type': 'value',
'key': 'now',
'value_type': 'date',
'op': 'gte',
'value': self.policy.data['start']})
if 'end' in self.policy.data:
filters.append({
'type': 'value',
'key': 'now',
'value_type': 'date',
'op': 'lte',
'value': self.policy.data['end']})
return filters
def __new__(cls, name, parents, attrs):
if 'filter_registry' not in attrs:
attrs['filter_registry'] = FilterRegistry(
'%s.filters' % name.lower())
if 'action_registry' not in attrs:
attrs['action_registry'] = ActionRegistry(
'%s.filters' % name.lower())
#if attrs['resource_type']:
# m = ResourceQuery.resolve(attrs['resource_type'])
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
class FSxBackup(QueryResourceManager):
filter_registry = FilterRegistry('fsx-baackup.filters')
action_registry = ActionRegistry('fsx-baackup.actions')
class resource_type(object):
service = 'fsx'
enum_spec = ('describe_backups', 'Backups', None)
name = id = 'BackupId'
date = 'CreationTime'
dimension = None
filter_name = None
class FSx(QueryResourceManager):
filter_registry = FilterRegistry('fsx.filters')
action_registry = ActionRegistry('fsx.actions')
class resource_type(object):
service = 'fsx'
enum_spec = ('describe_file_systems', 'FileSystems', None)
name = id = 'FileSystemId'
date = 'CreationTime'
dimension = None
filter_name = None
def __new__(cls, name, parents, attrs):
if 'filter_registry' not in attrs:
attrs['filter_registry'] = FilterRegistry('%s.filters' %
name.lower())
if 'action_registry' not in attrs:
actions = ActionRegistry('%s.actions' % name.lower())
# All ARM resources will have tag support; however, classic resources may not have support
actions.register('tag', Tag)
attrs['action_registry'] = actions
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
class SecretsManager(QueryResourceManager):
filter_registry = FilterRegistry('secrets-manager.filters')
filter_registry.register('marked-for-op', TagActionFilter)
permissions = ('secretsmanager:ListSecretVersionIds', )
class resource_type(object):
service = 'secretsmanager'
enum_spec = ('list_secrets', 'SecretList', None)
detail_spec = ('describe_secret', 'SecretId', 'ARN', None)
id = 'ARN'
name = 'Name'
dimension = None
filter_name = None
class RDSSnapshot(QueryResourceManager):
"""Resource manager for RDS DB snapshots.
"""
class resource_type(object):
service = 'rds'
type = 'rds-snapshot'
enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
name = id = 'DBSnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
config_type = "AWS::RDS::DBSnapshot"
filter_registry = FilterRegistry('rds-snapshot.filters')
action_registry = ActionRegistry('rds-snapshot.actions')
filter_registry.register('marked-for-op', tags.TagActionFilter)
_generate_arn = _account_id = None
retry = staticmethod(get_retry(('Throttled', )))
@property
def account_id(self):
if self._account_id is None:
session = local_session(self.session_factory)
self._account_id = get_account_id(session)
return self._account_id
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(generate_arn,
'rds',
region=self.config.region,
account_id=self.account_id,
resource_type='snapshot',
separator=':')
return self._generate_arn
def augment(self, snaps):
filter(
None,
_rds_snap_tags(self.get_model(), snaps, self.session_factory,
self.executor_factory, self.generate_arn,
self.retry))
return snaps
class RDSClusterSnapshot(QueryResourceManager):
"""Resource manager for RDS cluster snapshots.
"""
class resource_type(object):
service = 'rds'
type = 'rds-cluster-snapshot'
enum_spec = ('describe_db_cluster_snapshots', 'DBClusterSnapshots',
None)
name = id = 'DBClusterSnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
filter_registry = FilterRegistry('rdscluster-snapshot.filters')
action_registry = ActionRegistry('rdscluster-snapshot.actions')
class RDSSnapshot(QueryResourceManager):
class Meta(object):
service = 'rds'
type = 'rds-snapshot'
enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
name = id = 'DBSnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
resource_type = Meta
filter_registry = FilterRegistry('rds-snapshot.filters')
action_registry = ActionRegistry('rds-snapshot.actions')
class ReplicationInstance(QueryResourceManager):
class resource_type(TypeInfo):
service = 'dms'
arn_type = 'rep'
enum_spec = ('describe_replication_instances', 'ReplicationInstances',
None)
name = id = 'ReplicationInstanceIdentifier'
arn = 'ReplicationInstanceArn'
date = 'InstanceCreateTime'
cfn_type = 'AWS::DMS::ReplicationInstance'
filters = FilterRegistry('dms-instance.filters')
filters.register('marked-for-op', TagActionFilter)
filter_registry = filters
retry = staticmethod(get_retry(('Throttled', )))
source_mapping = {'describe': InstanceDescribe, 'config': ConfigSource}
class AppELBTargetGroup(QueryResourceManager):
"""Resource manager for v2 ELB target groups.
"""
class resource_type(object):
service = 'elbv2'
type = 'app-elb-target-group'
enum_spec = ('describe_target_groups', 'TargetGroups', None)
name = 'TargetGroupName'
id = 'TargetGroupArn'
filter_name = None
filter_type = None
dimension = None
date = None
filter_registry = FilterRegistry('app-elb-target-group.filters')
action_registry = ActionRegistry('app-elb-target-group.actions')
retry = staticmethod(get_retry(('Throttling',)))
filter_registry.register('tag-count', tags.TagCountFilter)
filter_registry.register('marked-for-op', tags.TagActionFilter)
@classmethod
def get_permissions(cls):
# override as the service is not the iam prefix
return ("elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTags")
def augment(self, target_groups):
client = local_session(self.session_factory).client('elbv2')
def _describe_target_group_health(target_group):
result = self.retry(client.describe_target_health,
TargetGroupArn=target_group['TargetGroupArn'])
target_group['TargetHealthDescriptions'] = result[
'TargetHealthDescriptions']
with self.executor_factory(max_workers=2) as w:
list(w.map(_describe_target_group_health, target_groups))
_describe_target_group_tags(
target_groups, self.session_factory,
self.executor_factory, self.retry)
return target_groups
class RedshiftSnapshot(QueryResourceManager):
"""Resource manager for Redshift snapshots.
"""
class Meta(object):
service = 'redshift'
type = 'redshift-snapshot'
enum_spec = ('describe_cluster_snapshots', 'Snapshots', None)
name = id = 'SnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
resource_type = Meta
filter_registry = FilterRegistry('redshift-snapshot.filters')
action_registry = ActionRegistry('redshift-snapshot.actions')
def __new__(cls, name, parents, attrs):
if 'filter_registry' not in attrs:
attrs['filter_registry'] = FilterRegistry('%s.filters' %
name.lower())
if 'action_registry' not in attrs:
attrs['action_registry'] = ActionRegistry('%s.filters' %
name.lower())
if attrs['resource_type']:
m = ResourceQuery.resolve(attrs['resource_type'])
# Generic cloud watch metrics support
if m.dimension and 'metrics':
attrs['filter_registry'].register('metrics', MetricsFilter)
# Generic ec2 resource tag support
if m.service == 'ec2' and getattr(m, 'taggable', True):
register_tags(attrs['filter_registry'],
attrs['action_registry'])
return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
class Snapshot(ResourceManager):
filter_registry = FilterRegistry('ebs-snapshot.filters')
action_registry = ActionRegistry('ebs-snapshot.actions')
def resources(self):
c = self.session_factory().client('ec2')
query = self.resource_query()
if self._cache.load():
snaps = self._cache.get({'resource': 'ebs-snapshot'})
if snaps is not None:
return self.filter_resources(snaps)
self.log.info('Querying ebs snapshots')
p = c.get_paginator('describe_snapshots')
results = p.paginate(Filters=query, OwnerIds=['self'])
snapshots = list(itertools.chain(*[rp['Snapshots'] for rp in results]))
self._cache.save({'resource': 'ebs-snapshot'}, snapshots)
return self.filter_resources(snapshots)
class ElastiCacheSnapshot(QueryResourceManager):
class resource_type(object):
service = 'elasticache'
type = 'snapshot'
enum_spec = ('describe_snapshots', 'Snapshots', None)
name = id = 'SnapshotName'
filter_name = 'SnapshotName'
filter_type = 'scalar'
date = 'StartTime'
dimension = None
permissions = ('elasticache:ListTagsForResource', )
filter_registry = FilterRegistry('elasticache-snapshot.filters')
action_registry = ActionRegistry('elasticache-snapshot.actions')
filter_registry.register('marked-for-op', tags.TagActionFilter)
_generate_arn = _account_id = None
retry = staticmethod(get_retry(('Throttled', )))
@property
def account_id(self):
if self._account_id is None:
session = local_session(self.session_factory)
self._account_id = get_account_id(session)
return self._account_id
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(generate_arn,
'elasticache',
region=self.config.region,
account_id=self.account_id,
resource_type='snapshot',
separator=':')
return self._generate_arn
def augment(self, clusters):
filter(
None,
_elasticache_snapshot_tags(self.get_model(), clusters,
self.session_factory,
self.executor_factory,
self.generate_arn, self.retry))
return clusters
class RestAccount(ResourceManager):
# note this is not using a regular resource manager or type info
# its a pseudo resource, like an aws account
filter_registry = FilterRegistry('rest-account.filters')
action_registry = ActionRegistry('rest-account.actions')
class resource_type(query.TypeInfo):
service = 'apigateway'
name = id = 'account_id'
dimension = None
arn = False
@classmethod
def get_permissions(cls):
# this resource is not query manager based as its a pseudo
# resource. in that it always exists, it represents the
# service's account settings.
return ('apigateway:GET', )
@classmethod
def has_arn(self):
return False
def get_model(self):
return self.resource_type
def _get_account(self):
client = utils.local_session(self.session_factory).client('apigateway')
try:
account = client.get_account()
except ClientError as e:
if e.response['Error']['Code'] == 'NotFoundException':
return []
account.pop('ResponseMetadata', None)
account['account_id'] = 'apigw-settings'
return [account]
def resources(self):
return self.filter_resources(self._get_account())
def get_resources(self, resource_ids):
return self._get_account()
class ReplicationInstance(QueryResourceManager):
class resource_type(TypeInfo):
service = 'dms'
arn_type = 'rep'
enum_spec = (
'describe_replication_instances', 'ReplicationInstances', None)
name = id = 'ReplicationInstanceIdentifier'
arn = 'ReplicationInstanceArn'
date = 'InstanceCreateTime'
filters = FilterRegistry('dms-instance.filters')
filters.register('marked-for-op', TagActionFilter)
filter_registry = filters
retry = staticmethod(get_retry(('Throttled',)))
def get_source(self, source_type):
if source_type == 'describe':
return InstanceDescribe(self)
return super(ReplicationInstance, self).get_source(source_type)
class HealthCheck(Route53Base, QueryResourceManager):
filter_registry = FilterRegistry('healthcheck.filters')
filter_registry.register('marked-for-op', TagActionFilter)
action_registry = ActionRegistry('healthcheck.actions')
action_registry.register('auto-tag-user', AutoTagUser)
action_registry.register('mark', UniversalTag)
action_registry.register('tag', UniversalTag)
action_registry.register('mark-for-op', UniversalTagDelayedAction)
action_registry.register('remove-tag', UniversalUntag)
action_registry.register('unmark', UniversalUntag)
action_registry.register('untag', UniversalUntag)
class resource_type(object):
service = 'route53'
type = 'healthcheck'
enum_spec = ('list_health_checks', 'HealthChecks', None)
name = id = 'Id'
filter_name = None
date = None
dimension = None
class RDSSnapshot(QueryResourceManager):
"""Resource manager for RDS DB snapshots.
"""
class resource_type(object):
service = 'rds'
type = 'rds-snapshot'
enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
name = id = 'DBSnapshotIdentifier'
filter_name = None
filter_type = None
dimension = None
date = 'SnapshotCreateTime'
config_type = "AWS::RDS::DBSnapshot"
# Need resource_type for Universal Tagging
resource_type = "rds:snapshot"
filter_registry = FilterRegistry('rds-snapshot.filters')
action_registry = ActionRegistry('rds-snapshot.actions')
_generate_arn = None
retry = staticmethod(get_retry(('Throttled',)))
@property
def generate_arn(self):
if self._generate_arn is None:
self._generate_arn = functools.partial(
generate_arn, 'rds', region=self.config.region,
account_id=self.account_id, resource_type='snapshot',
separator=':')
return self._generate_arn
def get_source(self, source_type):
if source_type == 'describe':
return DescribeRDSSnapshot(self)
elif source_type == 'config':
return ConfigRDSSnapshot(self)
raise ValueError("Unsupported source: %s for %s" % (
source_type, self.resource_type.config_type))
class Glacier(QueryResourceManager):
filter_registry = FilterRegistry('glacier.filters')
filter_registry.register('marked-for-op', TagActionFilter)
action_registry = ActionRegistry('glacier.actions')
action_registry.register('auto-tag-user', AutoTagUser)
action_registry.register('mark', UniversalTag)
action_registry.register('tag', UniversalTag)
action_registry.register('mark-for-op', UniversalTagDelayedAction)
action_registry.register('remove-tag', UniversalUntag)
action_registry.register('unmark', UniversalUntag)
action_registry.register('untag', UniversalUntag)
permissions = ('glacier:ListTagsForVault', )
retry = staticmethod(get_retry(('Throttled', )))
class resource_type(object):
service = 'glacier'
enum_spec = ('list_vaults', 'VaultList', None)
name = "VaultName"
id = "VaultARN"
dimension = None
def augment(self, resources):
def process_tags(resource):
client = local_session(self.session_factory).client('glacier')
tag_dict = self.retry(
client.list_tags_for_vault,
vaultName=resource[self.get_model().name])['Tags']
tag_list = []
for k, v in tag_dict.items():
tag_list.append({'Key': k, 'Value': v})
resource['Tags'] = tag_list
return resource
with self.executor_factory(max_workers=2) as w:
return list(w.map(process_tags, resources))
from datetime import datetime, timedelta
from dateutil.parser import parse as parse_date
from dateutil.tz import tzutc
from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema
from c7n.resources.iam import CredentialReport
filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')
filters.register('missing', Missing)
def get_account(session_factory, config):
session = local_session(session_factory)
client = session.client('iam')
aliases = client.list_account_aliases().get(
'AccountAliases', ('',))
name = aliases and aliases[0] or ""
return {'account_id': config.account_id,
'account_name': name}
from c7n.filters import (
Filter, FilterRegistry, DefaultVpcBase, ValueFilter,
ShieldMetrics)
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, REGION_PARTITION_MAP
from c7n.resources.shield import IsShieldProtected, SetShieldProtection
log = logging.getLogger('custodian.elb')
filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)
@resources.register('elb')
class ELB(QueryResourceManager):
class resource_type(object):
service = 'elb'
resource_type = 'elasticloadbalancing:loadbalancer'
type = 'loadbalancer'
from c7n.filters import (
FilterRegistry, ValueFilter, DefaultVpcBase, AgeFilter, OPERATORS,
CrossAccountAccessFilter)
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.resolver import ValuesFrom
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
type_schema, local_session, chunks, generate_arn, get_retry,
snapshot_identifier)
log = logging.getLogger('custodian.redshift')
filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
filters.register('marked-for-op', tags.TagActionFilter)
@resources.register('redshift')
class Redshift(QueryResourceManager):
class resource_type(object):
service = 'redshift'
type = 'cluster'
enum_spec = ('describe_clusters', 'Clusters', None)
detail_spec = None
name = id = 'ClusterIdentifier'
filter_name = 'ClusterIdentifier'
filter_type = 'scalar'
FilterRegistry, Filter, CrossAccountAccessFilter, MetricsFilter)
from c7n.manager import resources
from c7n.query import QueryResourceManager, ResourceQuery
from c7n.tags import RemoveTag, Tag, TagActionFilter, TagDelayedAction
from c7n.utils import (
chunks, local_session, set_annotation, type_schema, dumps, get_account_id)
"""
TODO:
- How does replication status effect in place encryption.
- Test glacier support
"""
log = logging.getLogger('custodian.s3')
filters = FilterRegistry('s3.filters')
actions = ActionRegistry('s3.actions')
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)
MAX_COPY_SIZE = 1024 * 1024 * 1024 * 2
@resources.register('s3')
class S3(QueryResourceManager):
#resource_type = "aws.s3.bucket"
class resource_type(ResourceQuery.resolve("aws.s3.bucket")):
dimension = 'BucketName'
)
from c7n.filters import (
FilterRegistry, AgeFilter, ValueFilter, Filter, OPERATORS, DefaultVpcBase
)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n.utils import type_schema
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)
@resources.register('ec2')
class EC2(QueryResourceManager):
class resource_type(object):
service = 'ec2'
type = 'instance'
enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
detail_spec = None
id = 'InstanceId'
from botocore.exceptions import ClientError
from concurrent.futures import as_completed
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry, Filter, AgeFilter
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import local_session, type_schema, get_account_id, chunks
from skew.resources.aws import rds
log = logging.getLogger('custodian.rds')
filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
@resources.register('rds')
class RDS(QueryResourceManager):
class resource_type(rds.DBInstance.Meta):
filter_name = 'DBInstanceIdentifier'
filter_registry = filters
action_registry = actions
account_id = None
from dateutil.tz import tzutc
import logging
import itertools
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry
from c7n.manager import ResourceManager, resources
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG
from c7n.utils import local_session, query_instances, type_schema
log = logging.getLogger('custodian.asg')
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')
filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('marked-for-op', TagActionFilter)
@resources.register('asg')
class ASG(ResourceManager):
filter_registry = filters
action_registry = actions
from c7n.actions import Action, ActionRegistry, AutoTagUser
from c7n.filters import (
FilterRegistry, ValueFilter, AgeFilter, Filter, FilterValidationError,
OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
local_session, type_schema, chunks, get_retry, worker)
log = logging.getLogger('custodian.asg')
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)
@resources.register('asg')
class ASG(QueryResourceManager):
class resource_type(object):
service = 'autoscaling'
type = 'autoScalingGroup'
from dateutil.parser import parse
from c7n.actions import (
ActionRegistry, BaseAction, ModifyVpcSecurityGroupsAction)
from c7n.filters import FilterRegistry, AgeFilter, OPERATORS
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import universal_augment
from c7n.utils import (
local_session, generate_arn,
get_retry, chunks, snapshot_identifier, type_schema)
log = logging.getLogger('custodian.elasticache')
filters = FilterRegistry('elasticache.filters')
actions = ActionRegistry('elasticache.actions')
TTYPE = re.compile('cache.t')
@resources.register('cache-cluster')
class ElastiCacheCluster(QueryResourceManager):
class resource_type(object):
service = 'elasticache'
type = 'cluster'
enum_spec = ('describe_cache_clusters',
'CacheClusters[]', None)
name = id = 'CacheClusterId'
filter_name = 'CacheClusterId'
CrossAccountAccessFilter, FilterRegistry, Filter, AgeFilter, OPERATORS,
FilterValidationError)
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
local_session, type_schema,
get_retry, chunks, generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias
log = logging.getLogger('custodian.rds')
filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)
@resources.register('rds')
class RDS(QueryResourceManager):
"""Resource manager for RDS DB instances.
"""
class resource_type(object):
service = 'rds'
)
from c7n.filters import (
FilterRegistry, AgeFilter, ValueFilter, Filter, OPERATORS, DefaultVpcBase
)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n.utils import type_schema
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)
@resources.register('ec2')
class EC2(QueryResourceManager):
class resource_type(object):
service = 'ec2'
type = 'instance'
enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
detail_spec = None
id = 'InstanceId'
from c7n.actions import ActionRegistry, BaseAction, AutoTagUser
from c7n.filters import (
FilterRegistry, ValueFilter, AgeFilter, Filter, FilterValidationError,
OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
local_session, query_instances, type_schema, chunks, get_retry, worker)
log = logging.getLogger('custodian.asg')
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)
@resources.register('asg')
class ASG(QueryResourceManager):
resource_type = "aws.autoscaling.autoScalingGroup"
id_field = 'AutoScalingGroupName'
report_fields = [