class RedshiftSnapshot(QueryResourceManager):
    """Resource manager for Redshift snapshots.
    """

    filter_registry = FilterRegistry('redshift-snapshot.filters')
    action_registry = ActionRegistry('redshift-snapshot.actions')

    filter_registry.register('marked-for-op', tags.TagActionFilter)

    _generate_arn = None

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(
                generate_arn, 'redshift', region=self.config.region,
                account_id=self.account_id, resource_type='snapshot',
                separator=':')
        return self._generate_arn

    class resource_type(object):
        service = 'redshift'
        type = 'redshift-snapshot'
        enum_spec = ('describe_cluster_snapshots', 'Snapshots', None)
        name = id = 'SnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'
        config_type = "AWS::Redshift::ClusterSnapshot"
Example #2
0
    def __new__(cls, name, parents, attrs):
        if 'resource_type' not in attrs:
            return super(QueryMeta, cls).__new__(cls, name, parents, attrs)

        if 'filter_registry' not in attrs:
            attrs['filter_registry'] = FilterRegistry(
                '%s.filters' % name.lower())
        if 'action_registry' not in attrs:
            attrs['action_registry'] = ActionRegistry(
                '%s.actions' % name.lower())

        if attrs['resource_type']:
            m = ResourceQuery.resolve(attrs['resource_type'])
            # Generic cloud watch metrics support
            if m.dimension:
                attrs['filter_registry'].register('metrics', MetricsFilter)
            # EC2 Service boilerplate ...
            if m.service == 'ec2':
                # Generic ec2 resource tag support
                if getattr(m, 'taggable', True):
                    register_ec2_tags(
                        attrs['filter_registry'], attrs['action_registry'])
            if getattr(m, 'universal_taggable', False):
                compatibility = isinstance(m.universal_taggable, bool) and True or False
                register_universal_tags(
                    attrs['filter_registry'], attrs['action_registry'],
                    compatibility=compatibility)

        return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
Example #3
0
class ReplicationInstance(QueryResourceManager):

    class resource_type(object):
        service = 'dms'
        type = 'rep'
        enum_spec = (
            'describe_replication_instances', 'ReplicationInstances', None)
        name = id = 'ReplicationInstanceIdentifier'
        date = 'InstanceCreateTime'
        dimension = None

        # The api supports filtering which we handle via describe source.
        filter_name = filter_type = None

    filters = FilterRegistry('dms-instance.filters')
    filters.register('marked-for-op', TagActionFilter)
    filter_registry = filters
    retry = staticmethod(get_retry(('Throttled',)))

    def get_source(self, source_type):
        if source_type == 'describe':
            return InstanceDescribe(self)
        return super(ReplicationInstance, self).get_source(source_type)

    def get_arns(self, resources):
        return [r['ReplicationInstanceArn'] for r in resources]

    def get_tags(self, resources):
        client = local_session(self.session_factory).client('dms')
        for r in resources:
            r['Tags'] = self.manager.retry(
                client.list_tags_for_resource(
                    ResourceArn=r['ReplicationInstanceArn'])['TagList'])
        return resources
Example #4
0
class ElastiCacheSnapshot(QueryResourceManager):
    class resource_type(object):
        service = 'elasticache'
        type = 'snapshot'
        enum_spec = ('describe_snapshots', 'Snapshots', None)
        name = id = 'SnapshotName'
        filter_name = 'SnapshotName'
        filter_type = 'scalar'
        date = 'StartTime'
        dimension = None
        universal_taggable = True

    permissions = ('elasticache:ListTagsForResource', )
    filter_registry = FilterRegistry('elasticache-snapshot.filters')
    action_registry = ActionRegistry('elasticache-snapshot.actions')
    _generate_arn = None
    retry = staticmethod(get_retry(('Throttled', )))
    augment = universal_augment

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(generate_arn,
                                                   'elasticache',
                                                   region=self.config.region,
                                                   account_id=self.account_id,
                                                   resource_type='snapshot',
                                                   separator=':')
        return self._generate_arn
Example #5
0
class RestAccount(ResourceManager):

    filter_registry = FilterRegistry('rest-account.filters')
    action_registry = ActionRegistry('rest-account.actions')

    class resource_type(object):
        service = 'apigateway'
        name = id = 'account_id'
        dimensions = None

    @classmethod
    def get_permissions(cls):
        return ('apigateway:GET', )

    def get_model(self):
        return self.resource_type

    def _get_account(self):
        client = utils.local_session(self.session_factory).client('apigateway')
        try:
            account = client.get_account()
        except ClientError as e:
            if e.response['Error']['Code'] == 'NotFoundException':
                return []
        account.pop('ResponseMetadata', None)
        account['account_id'] = 'apigw-settings'
        return [account]

    def resources(self):
        return self.filter_resources(self._get_account())

    def get_resources(self, resource_ids):
        return self._get_account()
Example #6
0
class GlueDataCatalog(ResourceManager):

    filter_registry = FilterRegistry('glue-catalog.filters')
    action_registry = ActionRegistry('glue-catalog.actions')
    retry = staticmethod(QueryResourceManager.retry)

    class resource_type(query.TypeInfo):
        service = 'glue'
        arn_type = 'catalog'
        id = name = 'CatalogId'

    @classmethod
    def get_permissions(cls):
        return ('glue:GetDataCatalogEncryptionSettings',)

    @classmethod
    def has_arn(cls):
        return True

    def get_model(self):
        return self.resource_type

    def _get_catalog_encryption_settings(self):
        client = utils.local_session(self.session_factory).client('glue')
        settings = client.get_data_catalog_encryption_settings()
        settings.pop('ResponseMetadata', None)
        return [settings]

    def resources(self):
        return self.filter_resources(self._get_catalog_encryption_settings())
Example #7
0
class SagemakerEndpoint(QueryResourceManager):
    class resource_type(object):
        service = 'sagemaker'
        enum_spec = ('list_endpoints', 'Endpoints', None)
        detail_spec = ('describe_endpoint', 'EndpointName', 'EndpointName',
                       None)
        id = 'EndpointArn'
        name = 'EndpointName'
        date = 'CreationTime'
        dimension = None
        filter_name = None

    filter_registry = FilterRegistry('sagemaker-endpoint.filters')
    filter_registry.register('marked-for-op', TagActionFilter)
    permissions = ('sagemaker:ListTags', )

    def augment(self, endpoints):
        client = local_session(self.session_factory).client('sagemaker')

        def _augment(e):
            tags = client.list_tags(ResourceArn=e['EndpointArn'])['Tags']
            e['Tags'] = tags
            return e

        # Describe endpoints & then list tags
        endpoints = super(SagemakerEndpoint, self).augment(endpoints)
        with self.executor_factory(max_workers=1) as w:
            return list(filter(None, w.map(_augment, endpoints)))
Example #8
0
class Snapshot(QueryResourceManager):
    class resource_type(object):
        service = 'ec2'
        type = 'snapshot'
        enum_spec = ('describe_snapshots', 'Snapshots', None)
        detail_spec = None
        id = 'SnapshotId'
        filter_name = 'SnapshotIds'
        filter_type = 'list'
        name = 'SnapshotId'
        date = 'StartTime'
        dimension = None

        default_report_fields = (
            'SnapshotId',
            'VolumeId',
            'tag:InstanceId',
            'VolumeSize',
            'StartTime',
            'State',
        )

    filter_registry = FilterRegistry('ebs-snapshot.filters')
    action_registry = ActionRegistry('ebs-snapshot.actions')

    def resources(self, query=None):
        query = query or {}
        if query.get('OwnerIds') is None:
            query['OwnerIds'] = ['self']
        return super(Snapshot, self).resources(query=query)
Example #9
0
class ElastiCacheSnapshot(QueryResourceManager):

    resource_type = 'aws.elasticache.snapshot'
    filter_registry = FilterRegistry('elasticache-snapshot.filters')
    action_registry = ActionRegistry('elasticache-snapshot.actions')
    _generate_arn = _account_id = None
    retry = staticmethod(get_retry(('Throttled', )))

    @property
    def account_id(self):
        if self._account_id is None:
            session = local_session(self.session_factory)
            self._account_id = get_account_id(session)
        return self._account_id

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(generate_arn,
                                                   'elasticache',
                                                   region=self.config.region,
                                                   account_id=self.account_id,
                                                   resource_type='snapshot',
                                                   separator=':')
        return self._generate_arn

    def augment(self, clusters):
        filter(
            None,
            _elasticache_snapshot_tags(self.get_model(), clusters,
                                       self.session_factory,
                                       self.executor_factory,
                                       self.generate_arn, self.retry))
        return clusters
Example #10
0
    def __new__(cls, name, parents, attrs):
        if 'filter_registry' not in attrs:
            attrs['filter_registry'] = FilterRegistry('%s.filters' %
                                                      name.lower())
        if 'action_registry' not in attrs:
            attrs['action_registry'] = ActionRegistry('%s.actions' %
                                                      name.lower())

        return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
Example #11
0
class PolicyConditions:

    filter_registry = FilterRegistry('c7n.policy.filters')
    filter_registry.register('and', PolicyConditionAnd)
    filter_registry.register('or', PolicyConditionOr)
    filter_registry.register('not', PolicyConditionNot)

    def __init__(self, policy, data):
        self.policy = policy
        self.data = data
        self.filters = self.data.get('conditions', [])
        # used by c7n-org to extend evaluation conditions
        self.env_vars = {}

    def validate(self):
        self.filters.extend(self.convert_deprecated())
        self.filters = self.filter_registry.parse(
            self.filters, self.policy.resource_manager)

    def evaluate(self, event=None):
        policy_vars = dict(self.env_vars)
        policy_vars.update({
            'name': self.policy.name,
            'region': self.policy.options.region,
            'resource': self.policy.resource_type,
            'provider': self.policy.provider_name,
            'account_id': self.policy.options.account_id,
            'now': datetime.utcnow().replace(tzinfo=tzutil.tzutc()),
            'policy': self.policy.data
        })
        # note for no filters/conditions, this uses all([]) == true property.
        state = all([f.process([policy_vars], event) for f in self.filters])
        if not state:
            self.policy.log.info(
                'Skipping policy:%s due to execution conditions', self.policy.name)
        return state

    def convert_deprecated(self):
        filters = []
        if 'region' in self.policy.data:
            filters.append({'region': self.policy.data['region']})
        if 'start' in self.policy.data:
            filters.append({
                'type': 'value',
                'key': 'now',
                'value_type': 'date',
                'op': 'gte',
                'value': self.policy.data['start']})
        if 'end' in self.policy.data:
            filters.append({
                'type': 'value',
                'key': 'now',
                'value_type': 'date',
                'op': 'lte',
                'value': self.policy.data['end']})
        return filters
Example #12
0
 def __new__(cls, name, parents, attrs):
     if 'filter_registry' not in attrs:
         attrs['filter_registry'] = FilterRegistry(
             '%s.filters' % name.lower())
     if 'action_registry' not in attrs:
         attrs['action_registry'] = ActionRegistry(
             '%s.filters' % name.lower())
     #if attrs['resource_type']:
     #    m = ResourceQuery.resolve(attrs['resource_type'])
     return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
Example #13
0
class FSxBackup(QueryResourceManager):
    filter_registry = FilterRegistry('fsx-baackup.filters')
    action_registry = ActionRegistry('fsx-baackup.actions')

    class resource_type(object):
        service = 'fsx'
        enum_spec = ('describe_backups', 'Backups', None)
        name = id = 'BackupId'
        date = 'CreationTime'
        dimension = None
        filter_name = None
Example #14
0
class FSx(QueryResourceManager):
    filter_registry = FilterRegistry('fsx.filters')
    action_registry = ActionRegistry('fsx.actions')

    class resource_type(object):
        service = 'fsx'
        enum_spec = ('describe_file_systems', 'FileSystems', None)
        name = id = 'FileSystemId'
        date = 'CreationTime'
        dimension = None
        filter_name = None
Example #15
0
    def __new__(cls, name, parents, attrs):
        if 'filter_registry' not in attrs:
            attrs['filter_registry'] = FilterRegistry('%s.filters' %
                                                      name.lower())
        if 'action_registry' not in attrs:
            actions = ActionRegistry('%s.actions' % name.lower())

            # All ARM resources will have tag support; however, classic resources may not have support
            actions.register('tag', Tag)
            attrs['action_registry'] = actions

        return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
Example #16
0
class SecretsManager(QueryResourceManager):
    filter_registry = FilterRegistry('secrets-manager.filters')
    filter_registry.register('marked-for-op', TagActionFilter)
    permissions = ('secretsmanager:ListSecretVersionIds', )

    class resource_type(object):
        service = 'secretsmanager'
        enum_spec = ('list_secrets', 'SecretList', None)
        detail_spec = ('describe_secret', 'SecretId', 'ARN', None)
        id = 'ARN'
        name = 'Name'
        dimension = None
        filter_name = None
Example #17
0
class RDSSnapshot(QueryResourceManager):
    """Resource manager for RDS DB snapshots.
    """
    class resource_type(object):

        service = 'rds'
        type = 'rds-snapshot'
        enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
        name = id = 'DBSnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'
        config_type = "AWS::RDS::DBSnapshot"

    filter_registry = FilterRegistry('rds-snapshot.filters')
    action_registry = ActionRegistry('rds-snapshot.actions')
    filter_registry.register('marked-for-op', tags.TagActionFilter)

    _generate_arn = _account_id = None
    retry = staticmethod(get_retry(('Throttled', )))

    @property
    def account_id(self):
        if self._account_id is None:
            session = local_session(self.session_factory)
            self._account_id = get_account_id(session)
        return self._account_id

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(generate_arn,
                                                   'rds',
                                                   region=self.config.region,
                                                   account_id=self.account_id,
                                                   resource_type='snapshot',
                                                   separator=':')
        return self._generate_arn

    def augment(self, snaps):
        filter(
            None,
            _rds_snap_tags(self.get_model(), snaps, self.session_factory,
                           self.executor_factory, self.generate_arn,
                           self.retry))
        return snaps
Example #18
0
class RDSClusterSnapshot(QueryResourceManager):
    """Resource manager for RDS cluster snapshots.
    """
    class resource_type(object):

        service = 'rds'
        type = 'rds-cluster-snapshot'
        enum_spec = ('describe_db_cluster_snapshots', 'DBClusterSnapshots',
                     None)
        name = id = 'DBClusterSnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'

    filter_registry = FilterRegistry('rdscluster-snapshot.filters')
    action_registry = ActionRegistry('rdscluster-snapshot.actions')
Example #19
0
class RDSSnapshot(QueryResourceManager):

    class Meta(object):

        service = 'rds'
        type = 'rds-snapshot'
        enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
        name = id = 'DBSnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'

    resource_type = Meta

    filter_registry = FilterRegistry('rds-snapshot.filters')
    action_registry = ActionRegistry('rds-snapshot.actions')
Example #20
0
class ReplicationInstance(QueryResourceManager):
    class resource_type(TypeInfo):
        service = 'dms'
        arn_type = 'rep'
        enum_spec = ('describe_replication_instances', 'ReplicationInstances',
                     None)
        name = id = 'ReplicationInstanceIdentifier'
        arn = 'ReplicationInstanceArn'
        date = 'InstanceCreateTime'
        cfn_type = 'AWS::DMS::ReplicationInstance'

    filters = FilterRegistry('dms-instance.filters')
    filters.register('marked-for-op', TagActionFilter)
    filter_registry = filters
    retry = staticmethod(get_retry(('Throttled', )))

    source_mapping = {'describe': InstanceDescribe, 'config': ConfigSource}
Example #21
0
class AppELBTargetGroup(QueryResourceManager):
    """Resource manager for v2 ELB target groups.
    """

    class resource_type(object):

        service = 'elbv2'
        type = 'app-elb-target-group'
        enum_spec = ('describe_target_groups', 'TargetGroups', None)
        name = 'TargetGroupName'
        id = 'TargetGroupArn'
        filter_name = None
        filter_type = None
        dimension = None
        date = None

    filter_registry = FilterRegistry('app-elb-target-group.filters')
    action_registry = ActionRegistry('app-elb-target-group.actions')
    retry = staticmethod(get_retry(('Throttling',)))

    filter_registry.register('tag-count', tags.TagCountFilter)
    filter_registry.register('marked-for-op', tags.TagActionFilter)

    @classmethod
    def get_permissions(cls):
        # override as the service is not the iam prefix
        return ("elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeTags")

    def augment(self, target_groups):
        client = local_session(self.session_factory).client('elbv2')

        def _describe_target_group_health(target_group):
            result = self.retry(client.describe_target_health,
                TargetGroupArn=target_group['TargetGroupArn'])
            target_group['TargetHealthDescriptions'] = result[
                'TargetHealthDescriptions']

        with self.executor_factory(max_workers=2) as w:
            list(w.map(_describe_target_group_health, target_groups))

        _describe_target_group_tags(
            target_groups, self.session_factory,
            self.executor_factory, self.retry)
        return target_groups
Example #22
0
class RedshiftSnapshot(QueryResourceManager):
    """Resource manager for Redshift snapshots.
    """
    class Meta(object):

        service = 'redshift'
        type = 'redshift-snapshot'
        enum_spec = ('describe_cluster_snapshots', 'Snapshots', None)
        name = id = 'SnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'

    resource_type = Meta

    filter_registry = FilterRegistry('redshift-snapshot.filters')
    action_registry = ActionRegistry('redshift-snapshot.actions')
Example #23
0
    def __new__(cls, name, parents, attrs):
        if 'filter_registry' not in attrs:
            attrs['filter_registry'] = FilterRegistry('%s.filters' %
                                                      name.lower())
        if 'action_registry' not in attrs:
            attrs['action_registry'] = ActionRegistry('%s.filters' %
                                                      name.lower())

        if attrs['resource_type']:
            m = ResourceQuery.resolve(attrs['resource_type'])
            # Generic cloud watch metrics support
            if m.dimension and 'metrics':
                attrs['filter_registry'].register('metrics', MetricsFilter)
            # Generic ec2 resource tag support
            if m.service == 'ec2' and getattr(m, 'taggable', True):
                register_tags(attrs['filter_registry'],
                              attrs['action_registry'])
        return super(QueryMeta, cls).__new__(cls, name, parents, attrs)
Example #24
0
class Snapshot(ResourceManager):

    filter_registry = FilterRegistry('ebs-snapshot.filters')
    action_registry = ActionRegistry('ebs-snapshot.actions')

    def resources(self):
        c = self.session_factory().client('ec2')
        query = self.resource_query()
        if self._cache.load():
            snaps = self._cache.get({'resource': 'ebs-snapshot'})
            if snaps is not None:
                return self.filter_resources(snaps)
        self.log.info('Querying ebs snapshots')
        p = c.get_paginator('describe_snapshots')
        results = p.paginate(Filters=query, OwnerIds=['self'])
        snapshots = list(itertools.chain(*[rp['Snapshots'] for rp in results]))
        self._cache.save({'resource': 'ebs-snapshot'}, snapshots)
        return self.filter_resources(snapshots)
Example #25
0
class ElastiCacheSnapshot(QueryResourceManager):
    class resource_type(object):
        service = 'elasticache'
        type = 'snapshot'
        enum_spec = ('describe_snapshots', 'Snapshots', None)
        name = id = 'SnapshotName'
        filter_name = 'SnapshotName'
        filter_type = 'scalar'
        date = 'StartTime'
        dimension = None

    permissions = ('elasticache:ListTagsForResource', )
    filter_registry = FilterRegistry('elasticache-snapshot.filters')
    action_registry = ActionRegistry('elasticache-snapshot.actions')
    filter_registry.register('marked-for-op', tags.TagActionFilter)
    _generate_arn = _account_id = None
    retry = staticmethod(get_retry(('Throttled', )))

    @property
    def account_id(self):
        if self._account_id is None:
            session = local_session(self.session_factory)
            self._account_id = get_account_id(session)
        return self._account_id

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(generate_arn,
                                                   'elasticache',
                                                   region=self.config.region,
                                                   account_id=self.account_id,
                                                   resource_type='snapshot',
                                                   separator=':')
        return self._generate_arn

    def augment(self, clusters):
        filter(
            None,
            _elasticache_snapshot_tags(self.get_model(), clusters,
                                       self.session_factory,
                                       self.executor_factory,
                                       self.generate_arn, self.retry))
        return clusters
Example #26
0
class RestAccount(ResourceManager):
    # note this is not using a regular resource manager or type info
    # its a pseudo resource, like an aws account

    filter_registry = FilterRegistry('rest-account.filters')
    action_registry = ActionRegistry('rest-account.actions')

    class resource_type(query.TypeInfo):
        service = 'apigateway'
        name = id = 'account_id'
        dimension = None
        arn = False

    @classmethod
    def get_permissions(cls):
        # this resource is not query manager based as its a pseudo
        # resource. in that it always exists, it represents the
        # service's account settings.
        return ('apigateway:GET', )

    @classmethod
    def has_arn(self):
        return False

    def get_model(self):
        return self.resource_type

    def _get_account(self):
        client = utils.local_session(self.session_factory).client('apigateway')
        try:
            account = client.get_account()
        except ClientError as e:
            if e.response['Error']['Code'] == 'NotFoundException':
                return []
        account.pop('ResponseMetadata', None)
        account['account_id'] = 'apigw-settings'
        return [account]

    def resources(self):
        return self.filter_resources(self._get_account())

    def get_resources(self, resource_ids):
        return self._get_account()
Example #27
0
class ReplicationInstance(QueryResourceManager):

    class resource_type(TypeInfo):
        service = 'dms'
        arn_type = 'rep'
        enum_spec = (
            'describe_replication_instances', 'ReplicationInstances', None)
        name = id = 'ReplicationInstanceIdentifier'
        arn = 'ReplicationInstanceArn'
        date = 'InstanceCreateTime'

    filters = FilterRegistry('dms-instance.filters')
    filters.register('marked-for-op', TagActionFilter)
    filter_registry = filters
    retry = staticmethod(get_retry(('Throttled',)))

    def get_source(self, source_type):
        if source_type == 'describe':
            return InstanceDescribe(self)
        return super(ReplicationInstance, self).get_source(source_type)
Example #28
0
class HealthCheck(Route53Base, QueryResourceManager):

    filter_registry = FilterRegistry('healthcheck.filters')
    filter_registry.register('marked-for-op', TagActionFilter)

    action_registry = ActionRegistry('healthcheck.actions')
    action_registry.register('auto-tag-user', AutoTagUser)
    action_registry.register('mark', UniversalTag)
    action_registry.register('tag', UniversalTag)
    action_registry.register('mark-for-op', UniversalTagDelayedAction)
    action_registry.register('remove-tag', UniversalUntag)
    action_registry.register('unmark', UniversalUntag)
    action_registry.register('untag', UniversalUntag)

    class resource_type(object):
        service = 'route53'
        type = 'healthcheck'
        enum_spec = ('list_health_checks', 'HealthChecks', None)
        name = id = 'Id'
        filter_name = None
        date = None
        dimension = None
Example #29
0
class RDSSnapshot(QueryResourceManager):
    """Resource manager for RDS DB snapshots.
    """

    class resource_type(object):
        service = 'rds'
        type = 'rds-snapshot'
        enum_spec = ('describe_db_snapshots', 'DBSnapshots', None)
        name = id = 'DBSnapshotIdentifier'
        filter_name = None
        filter_type = None
        dimension = None
        date = 'SnapshotCreateTime'
        config_type = "AWS::RDS::DBSnapshot"
        # Need resource_type for Universal Tagging
        resource_type = "rds:snapshot"

    filter_registry = FilterRegistry('rds-snapshot.filters')
    action_registry = ActionRegistry('rds-snapshot.actions')

    _generate_arn = None
    retry = staticmethod(get_retry(('Throttled',)))

    @property
    def generate_arn(self):
        if self._generate_arn is None:
            self._generate_arn = functools.partial(
                generate_arn, 'rds', region=self.config.region,
                account_id=self.account_id, resource_type='snapshot',
                separator=':')
        return self._generate_arn

    def get_source(self, source_type):
        if source_type == 'describe':
            return DescribeRDSSnapshot(self)
        elif source_type == 'config':
            return ConfigRDSSnapshot(self)
        raise ValueError("Unsupported source: %s for %s" % (
            source_type, self.resource_type.config_type))
Example #30
0
class Glacier(QueryResourceManager):

    filter_registry = FilterRegistry('glacier.filters')
    filter_registry.register('marked-for-op', TagActionFilter)

    action_registry = ActionRegistry('glacier.actions')
    action_registry.register('auto-tag-user', AutoTagUser)
    action_registry.register('mark', UniversalTag)
    action_registry.register('tag', UniversalTag)
    action_registry.register('mark-for-op', UniversalTagDelayedAction)
    action_registry.register('remove-tag', UniversalUntag)
    action_registry.register('unmark', UniversalUntag)
    action_registry.register('untag', UniversalUntag)

    permissions = ('glacier:ListTagsForVault', )
    retry = staticmethod(get_retry(('Throttled', )))

    class resource_type(object):
        service = 'glacier'
        enum_spec = ('list_vaults', 'VaultList', None)
        name = "VaultName"
        id = "VaultARN"
        dimension = None

    def augment(self, resources):
        def process_tags(resource):
            client = local_session(self.session_factory).client('glacier')
            tag_dict = self.retry(
                client.list_tags_for_vault,
                vaultName=resource[self.get_model().name])['Tags']
            tag_list = []
            for k, v in tag_dict.items():
                tag_list.append({'Key': k, 'Value': v})
            resource['Tags'] = tag_list
            return resource

        with self.executor_factory(max_workers=2) as w:
            return list(w.map(process_tags, resources))
Example #31
0
from datetime import datetime, timedelta

from dateutil.parser import parse as parse_date
from dateutil.tz import tzutc

from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema

from c7n.resources.iam import CredentialReport


filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')


filters.register('missing', Missing)


def get_account(session_factory, config):
    session = local_session(session_factory)
    client = session.client('iam')
    aliases = client.list_account_aliases().get(
        'AccountAliases', ('',))
    name = aliases and aliases[0] or ""
    return {'account_id': config.account_id,
            'account_name': name}
Example #32
0
from c7n.filters import (
    Filter, FilterRegistry, DefaultVpcBase, ValueFilter,
    ShieldMetrics)
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, REGION_PARTITION_MAP

from c7n.resources.shield import IsShieldProtected, SetShieldProtection

log = logging.getLogger('custodian.elb')

filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)


@resources.register('elb')
class ELB(QueryResourceManager):

    class resource_type(object):
        service = 'elb'
        resource_type = 'elasticloadbalancing:loadbalancer'
        type = 'loadbalancer'
Example #33
0
from c7n.filters import (
    FilterRegistry, ValueFilter, DefaultVpcBase, AgeFilter, OPERATORS,
    CrossAccountAccessFilter)
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.resolver import ValuesFrom
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    type_schema, local_session, chunks, generate_arn, get_retry,
    snapshot_identifier)

log = logging.getLogger('custodian.redshift')

filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('redshift')
class Redshift(QueryResourceManager):

    class resource_type(object):
        service = 'redshift'
        type = 'cluster'
        enum_spec = ('describe_clusters', 'Clusters', None)
        detail_spec = None
        name = id = 'ClusterIdentifier'
        filter_name = 'ClusterIdentifier'
        filter_type = 'scalar'
Example #34
0
    FilterRegistry, Filter, CrossAccountAccessFilter, MetricsFilter)
from c7n.manager import resources
from c7n.query import QueryResourceManager, ResourceQuery
from c7n.tags import RemoveTag, Tag, TagActionFilter, TagDelayedAction
from c7n.utils import (
    chunks, local_session, set_annotation, type_schema, dumps, get_account_id)

"""
TODO:
 - How does replication status effect in place encryption.
 - Test glacier support
"""

log = logging.getLogger('custodian.s3')

filters = FilterRegistry('s3.filters')
actions = ActionRegistry('s3.actions')
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)

MAX_COPY_SIZE = 1024 * 1024 * 1024 * 2


@resources.register('s3')
class S3(QueryResourceManager):

    #resource_type = "aws.s3.bucket"

    class resource_type(ResourceQuery.resolve("aws.s3.bucket")):
        dimension = 'BucketName'
Example #35
0
)
from c7n.filters import (
    FilterRegistry, AgeFilter, ValueFilter, Filter, OPERATORS, DefaultVpcBase
)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema


filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):

    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
Example #36
0
from botocore.exceptions import ClientError
from concurrent.futures import as_completed

from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry, Filter, AgeFilter
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import local_session, type_schema, get_account_id, chunks

from skew.resources.aws import rds

log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)


@resources.register('rds')
class RDS(QueryResourceManager):

    class resource_type(rds.DBInstance.Meta):
        filter_name = 'DBInstanceIdentifier'

    filter_registry = filters
    action_registry = actions
    account_id = None
Example #37
0
from dateutil.tz import tzutc

import logging
import itertools

from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry

from c7n.manager import ResourceManager, resources
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG
from c7n.utils import local_session, query_instances, type_schema

log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')


filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('marked-for-op', TagActionFilter)


@resources.register('asg')
class ASG(ResourceManager):

    filter_registry = filters
    action_registry = actions
    
Example #38
0
from c7n.actions import Action, ActionRegistry, AutoTagUser
from c7n.filters import (
    FilterRegistry, ValueFilter, AgeFilter, Filter, FilterValidationError,
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, type_schema, chunks, get_retry, worker)

log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):

    class resource_type(object):
        service = 'autoscaling'
        type = 'autoScalingGroup'
Example #39
0
from dateutil.parser import parse

from c7n.actions import (
    ActionRegistry, BaseAction, ModifyVpcSecurityGroupsAction)
from c7n.filters import FilterRegistry, AgeFilter, OPERATORS
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import universal_augment
from c7n.utils import (
    local_session, generate_arn,
    get_retry, chunks, snapshot_identifier, type_schema)

log = logging.getLogger('custodian.elasticache')

filters = FilterRegistry('elasticache.filters')
actions = ActionRegistry('elasticache.actions')

TTYPE = re.compile('cache.t')


@resources.register('cache-cluster')
class ElastiCacheCluster(QueryResourceManager):

    class resource_type(object):
        service = 'elasticache'
        type = 'cluster'
        enum_spec = ('describe_cache_clusters',
                     'CacheClusters[]', None)
        name = id = 'CacheClusterId'
        filter_name = 'CacheClusterId'
Example #40
0
    CrossAccountAccessFilter, FilterRegistry, Filter, AgeFilter, OPERATORS,
    FilterValidationError)

from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    local_session, type_schema,
    get_retry, chunks, generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

log = logging.getLogger('custodian.rds')

filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """

    class resource_type(object):
        service = 'rds'
Example #41
0
)
from c7n.filters import (
    FilterRegistry, AgeFilter, ValueFilter, Filter, OPERATORS, DefaultVpcBase
)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager

from c7n import utils
from c7n.utils import type_schema


filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


@resources.register('ec2')
class EC2(QueryResourceManager):

    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
Example #42
0
from c7n.actions import ActionRegistry, BaseAction, AutoTagUser
from c7n.filters import (
    FilterRegistry, ValueFilter, AgeFilter, Filter, FilterValidationError,
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, query_instances, type_schema, chunks, get_retry, worker)

log = logging.getLogger('custodian.asg')

filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


@resources.register('asg')
class ASG(QueryResourceManager):

    resource_type = "aws.autoscaling.autoScalingGroup"
    id_field = 'AutoScalingGroupName'
    report_fields = [