from dateutil.parser import parse as parse_date
from dateutil.tz import tzutc

from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema
from c7n.resources.iam import CredentialReport

# NOTE(review): the registry names look transposed -- the filter registry is
# created as 'aws.account.actions' and the action registry as
# 'aws.account.filters'. Confirm nothing keys on these strings before
# correcting them.
filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')

# Adds the Missing filter to the account filter registry as 'missing'.
filters.register('missing', Missing)


def get_account(session_factory, config):
    """Return the account id and account alias as a dict.

    ``account_id`` is copied from ``config.account_id``; it is not looked up
    through the API. ``account_name`` is the first entry returned by the IAM
    ``list_account_aliases`` call, or ``""`` when there is no alias.

    The caller's credentials therefore need permission for that IAM call.
    """
    session = local_session(session_factory)
    client = session.client('iam')
    aliases = client.list_account_aliases().get('AccountAliases', ('', ))
    # and/or idiom: an empty list or an empty first alias both yield "".
    # NOTE(review): an alias is a label set by the account's administrators;
    # anything that must identify the account should use account_id.
    name = aliases and aliases[0] or ""
    return {'account_id': config.account_id, 'account_name': name}


# Registers the manager class under the resource name 'account'.
@resources.register('account')
class Account(ResourceManager):

    filter_registry = filters
    action_registry = actions
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry
from c7n.manager import ResourceManager, resources
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG
from c7n.utils import local_session, query_instances, type_schema

# Module logger, named 'custodian.asg'.
log = logging.getLogger('custodian.asg')

# Registries for the filters and actions of the 'asg' resource.
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each call adds a filter class to the registry under the given name.
filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('marked-for-op', TagActionFilter)


# Registers the manager class under the resource name 'asg'.
@resources.register('asg')
class ASG(ResourceManager):

    filter_registry = filters
    action_registry = actions

    def resources(self):
        # A new 'autoscaling' client is built from the session factory.
        c = self.session_factory().client('autoscaling')
        query = self.resource_query()
        # The cache is consulted first; the branch body is outside this excerpt.
        if self._cache.load():
from c7n.filters import (
    FilterRegistry, ValueFilter, DefaultVpcBase, AgeFilter, OPERATORS)
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    type_schema, local_session, chunks, generate_arn, get_retry,
    get_account_id, snapshot_identifier)

# Module logger, named 'custodian.redshift'.
log = logging.getLogger('custodian.redshift')

# Registries for the filters and actions of the 'redshift' resource.
filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
filters.register('marked-for-op', tags.TagActionFilter)


# Registers the manager class under the resource name 'redshift'.
@resources.register('redshift')
class Redshift(QueryResourceManager):

    resource_type = "aws.redshift.cluster"
    filter_registry = filters
    action_registry = actions
    # staticmethod() keeps the callable from being bound to the instance.
    # Presumably it retries calls that fail with a 'Throttling' error code;
    # confirm against get_retry.
    retry = staticmethod(get_retry(('Throttling',)))

    # Both start as None; account_id below tests _account_id for None.
    _generate_arn = _account_id = None

    @property
    def account_id(self):
        # The body of this branch is outside the excerpt.
        if self._account_id is None:
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    local_session, type_schema, get_retry, chunks, generate_arn,
    snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

# Module logger, named 'custodian.rds'.
log = logging.getLogger('custodian.rds')

# Registries for the filters and actions of the 'rds' resource.
filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each call adds a class to a registry under the given name.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'rds'.
@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """

    # Static description of the resource type.
    class resource_type(object):
        service = 'rds'
        type = 'db'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_db_instances', 'DBInstances', None)
        id = 'DBInstanceIdentifier'
from c7n.query import QueryResourceManager, ResourceQuery
from c7n.tags import RemoveTag, Tag, TagActionFilter, TagDelayedAction
from c7n.utils import (
    chunks, local_session, set_annotation, type_schema, dumps, get_account_id)

# Bare string used as a note to maintainers; it has no runtime effect.
""" TODO: - How does replication status effect in place encryption. - Test glacier support """

# Module logger, named 'custodian.s3'.
log = logging.getLogger('custodian.s3')

# Registries for the filters and actions of the 's3' resource.
filters = FilterRegistry('s3.filters')
actions = ActionRegistry('s3.actions')
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)

# 2 * 1024**3 = 2147483648 (2 GiB if the unit is bytes; where it is used is
# outside this excerpt).
MAX_COPY_SIZE = 1024 * 1024 * 1024 * 2


# Registers the manager class under the resource name 's3'.
@resources.register('s3')
class S3(QueryResourceManager):

    #resource_type = "aws.s3.bucket"

    # Subclasses the type resolved for "aws.s3.bucket" and sets its dimension.
    class resource_type(ResourceQuery.resolve("aws.s3.bucket")):
        dimension = 'BucketName'

    # NOTE(review): nesting below is reconstructed from a whitespace-collapsed
    # excerpt; these two are taken to be attributes of S3, not resource_type.
    executor_factory = executor.ThreadPoolExecutor
    filter_registry = filters
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, REGION_PARTITION_MAP
from c7n.resources.shield import IsShieldProtected, SetShieldProtection

# Module logger, named 'custodian.elb'.
log = logging.getLogger('custodian.elb')

# Registries for the filters and actions of the 'elb' resource.
filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each call adds a filter class to the registry under the given name.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)


# Registers the manager class under the resource name 'elb'.
@resources.register('elb')
class ELB(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'elb'
        resource_type = 'elasticloadbalancing:loadbalancer'
        type = 'loadbalancer'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_load_balancers',
                     'LoadBalancerDescriptions', None)
        detail_spec = None
# (excerpt begins inside a method body; its def line is above this view)
        # Collect the subnet ids of every cache subnet group the resources use.
        # self.groups is filled in by process() below; a CacheSubnetGroupName
        # that is missing from it raises KeyError here.
        group_ids = set()
        for r in resources:
            group_ids.update(
                [s['SubnetIdentifier'] for s in
                 self.groups[r['CacheSubnetGroupName']]['Subnets']])
        return group_ids

    def process(self, resources, event=None):
        """Index cache subnet groups by name, then run the parent's process().

        ``self.groups`` maps ``CacheSubnetGroupName`` to the group record
        returned by the 'cache-subnet-group' resource manager.
        """
        self.groups = {
            r['CacheSubnetGroupName']: r for r in
            self.manager.get_resource_manager(
                'cache-subnet-group').resources()}
        return super(SubnetFilter, self).process(resources, event)


# Adds the NetworkLocation filter to the registry as 'network-location'.
filters.register('network-location', net_filters.NetworkLocation)


# Registers the action class under the name 'delete'.
@actions.register('delete')
class DeleteElastiCacheCluster(BaseAction):
    """Action to delete an elasticache cluster

    To prevent unwanted deletion of elasticache clusters, it is recommended
    to include a filter

    :example:

    .. code-block:: yaml

            policies:
              - name: elasticache-delete-stale-clusters
from c7n.filters import (FilterRegistry, ValueFilter, AgeFilter, Filter,
                         FilterValidationError, OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (local_session, type_schema, chunks, get_retry, worker)

# Module logger, named 'custodian.asg'.
log = logging.getLogger('custodian.asg')

# Registries for the filters and actions of the 'asg' resource.
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each call adds a class to a registry under the given name.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'asg'.
@resources.register('asg')
class ASG(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'autoscaling'
        type = 'autoScalingGroup'
        # The same field serves as both identifier and display name.
        id = name = 'AutoScalingGroupName'
        date = 'CreatedTime'
        dimension = 'AutoScalingGroupName'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_auto_scaling_groups',
                     'AutoScalingGroups', None)
# (excerpt begins inside a parenthesised import list)
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, query_instances, type_schema, chunks, get_retry, worker)

# Module logger, named 'custodian.asg'.
log = logging.getLogger('custodian.asg')

# Registries for the filters and actions of the 'asg' resource.
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each call adds a class to a registry under the given name.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'asg'.
@resources.register('asg')
class ASG(QueryResourceManager):

    # Here the resource type is given as a dotted string rather than a class.
    resource_type = "aws.autoscaling.autoScalingGroup"
    id_field = 'AutoScalingGroupName'

    # The list continues beyond this excerpt.
    report_fields = [
        'AutoScalingGroupName',
        'count:Instances',
        'tag:ASV',
# (excerpt begins inside a parenthesised import list)
    OPERATORS, DefaultVpcBase)
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n.utils import type_schema

# Registries for the filters and actions of the 'ec2' resource.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Each call adds a class to a registry under the given name.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


# Registers the manager class under the resource name 'ec2'.
@resources.register('ec2')
class EC2(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        # Presumably (client method, path into the response, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'
        dimension = 'InstanceId'
from c7n.filters.offhours import OffHour, OnHour
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n.utils import type_schema

# Registries for the filters and actions of the 'ec2' resource.
filters = FilterRegistry('ec2.filters')
actions = ActionRegistry('ec2.actions')

# Each call adds a class to a registry under the given name.
actions.register('auto-tag-user', AutoTagUser)
filters.register('health-event', HealthEventFilter)


# Registers the manager class under the resource name 'ec2'.
@resources.register('ec2')
class EC2(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'ec2'
        type = 'instance'
        # Presumably (client method, path into the response, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_instances', 'Reservations[].Instances[]', None)
        detail_spec = None
        id = 'InstanceId'
        filter_name = 'InstanceIds'
        filter_type = 'list'
        name = 'PublicDnsName'
        date = 'LaunchTime'
from botocore.exceptions import ClientError

from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import Filter, FilterRegistry, FilterValidationError
from c7n.tags import (TagCountFilter, TagActionFilter,
                      TagDelayedAction as _TagDelayedAction)
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, chunks, type_schema

# Module logger, named 'custodian.elb'.
log = logging.getLogger('custodian.elb')

# Registries for the filters and actions of the 'elb' resource.
filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each call adds a filter class to the registry under the given name.
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)


# Registers the manager class under the resource name 'elb'.
@resources.register('elb')
class ELB(ResourceManager):

    filter_registry = filters
    action_registry = actions

    def resources(self):
        # When the cache loads, look up an entry keyed by region and resource
        # name. What happens with the result is outside this excerpt.
        if self._cache.load():
            elbs = self._cache.get({
                'region': self.config.region,
                'resource': 'elb'
            })
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry, Filter, AgeFilter
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import local_session, type_schema, get_account_id, chunks

from skew.resources.aws import rds

# Module logger, named 'custodian.rds'.
log = logging.getLogger('custodian.rds')

# Registries for the filters and actions of the 'rds' resource.
filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each call adds a filter class to the registry under the given name.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)


# Registers the manager class under the resource name 'rds'.
@resources.register('rds')
class RDS(QueryResourceManager):

    # Extends skew's DBInstance metadata with the filter parameter name.
    class resource_type(rds.DBInstance.Meta):
        filter_name = 'DBInstanceIdentifier'

    filter_registry = filters
    action_registry = actions
    # Class-level default; where it is assigned is outside this excerpt.
    account_id = None

    def augment(self, resources):
        # The rest of the method is outside this excerpt.
        session = local_session(self.session_factory)
# (excerpt begins inside a parenthesised import list)
    OPERATORS)
from c7n.filters.offhours import OffHour, OnHour
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import (
    local_session, type_schema, chunks, get_retry, worker)

# Module logger, named 'custodian.asg'.
log = logging.getLogger('custodian.asg')

# Registries for the filters and actions of the 'asg' resource.
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each call adds a class to a registry under the given name.
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'asg'.
@resources.register('asg')
class ASG(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'autoscaling'
        type = 'autoScalingGroup'
        # The same field serves as both identifier and display name.
        id = name = 'AutoScalingGroupName'
        date = 'CreatedTime'
        dimension = 'AutoScalingGroupName'
from c7n.actions import ActionRegistry, BaseAction, AutoTagUser
from c7n.filters import (FilterRegistry, ValueFilter, AgeFilter, Filter,
                         FilterValidationError, OPERATORS)
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n.offhours import Time, OffHour, OnHour
from c7n.tags import TagActionFilter, DEFAULT_TAG, TagCountFilter, TagTrim
from c7n.utils import local_session, query_instances, type_schema, chunks

# Module logger, named 'custodian.asg'.
log = logging.getLogger('custodian.asg')

# Registries for the filters and actions of the 'asg' resource.
filters = FilterRegistry('asg.filters')
actions = ActionRegistry('asg.actions')

# Each call adds a class to a registry under the given name.
filters.register('time', Time)
filters.register('offhour', OffHour)
filters.register('onhour', OnHour)
filters.register('tag-count', TagCountFilter)
filters.register('marked-for-op', TagActionFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'asg'.
@resources.register('asg')
class ASG(QueryResourceManager):

    # Here the resource type is given as a dotted string rather than a class.
    resource_type = "aws.autoscaling.autoScalingGroup"
    filter_registry = filters
    action_registry = actions
from c7n.actions import ActionRegistry, BaseAction
from c7n.exceptions import PolicyValidationError
from c7n.filters import Filter, FilterRegistry, ValueFilter
from c7n.filters.missing import Missing
from c7n.manager import ResourceManager, resources
from c7n.utils import local_session, type_schema
from c7n.resources.iam import CredentialReport

# NOTE(review): the registry names look transposed -- the filter registry is
# created as 'aws.account.actions' and the action registry as
# 'aws.account.filters'. Confirm nothing keys on these strings before
# correcting them.
filters = FilterRegistry('aws.account.actions')
actions = ActionRegistry('aws.account.filters')

# Adds the Missing filter to the account filter registry as 'missing'.
filters.register('missing', Missing)


def get_account(session_factory, config):
    """Return the account id and account alias as a dict.

    ``account_id`` is copied from ``config.account_id``; it is not looked up
    through the API. ``account_name`` is the first entry returned by the IAM
    ``list_account_aliases`` call, or ``""`` when there is no alias.

    The caller's credentials therefore need permission for that IAM call.
    """
    session = local_session(session_factory)
    client = session.client('iam')
    aliases = client.list_account_aliases().get(
        'AccountAliases', ('',))
    # and/or idiom: an empty list or an empty first alias both yield "".
    # NOTE(review): an alias is a label set by the account's administrators;
    # anything that must identify the account should use account_id.
    name = aliases and aliases[0] or ""
    return {'account_id': config.account_id, 'account_name': name}


# Registers the manager class under the resource name 'account'.
# The class body is outside this excerpt.
@resources.register('account')
class Account(ResourceManager):
from c7n.actions import ActionRegistry, BaseAction, ModifyVpcSecurityGroupsAction
from c7n.filters import (FilterRegistry, ValueFilter, DefaultVpcBase,
                         AgeFilter, OPERATORS)
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (type_schema, local_session, chunks, generate_arn,
                       get_retry, snapshot_identifier)

# Module logger, named 'custodian.redshift'.
log = logging.getLogger('custodian.redshift')

# Registries for the filters and actions of the 'redshift' resource.
filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
filters.register('marked-for-op', tags.TagActionFilter)


# Registers the manager class under the resource name 'redshift'.
@resources.register('redshift')
class Redshift(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'redshift'
        type = 'cluster'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_clusters', 'Clusters', None)
        detail_spec = None
        # The same field serves as both display name and identifier.
        name = id = 'ClusterIdentifier'
        filter_name = 'ClusterIdentifier'
        filter_type = 'scalar'
        date = 'ClusterCreateTime'
        dimension = 'ClusterIdentifier'
        config_type = "AWS::Redshift::Cluster"
from c7n.filters.health import HealthEventFilter
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (local_session, type_schema, get_retry, chunks,
                       generate_arn, snapshot_identifier)
from c7n.resources.kms import ResourceKmsKeyAlias

# Module logger, named 'custodian.rds'.
log = logging.getLogger('custodian.rds')

# Registries for the filters and actions of the 'rds' resource.
filters = FilterRegistry('rds.filters')
actions = ActionRegistry('rds.actions')

# Each call adds a class to a registry under the given name.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('health-event', HealthEventFilter)
actions.register('auto-tag-user', AutoTagUser)


# Registers the manager class under the resource name 'rds'.
@resources.register('rds')
class RDS(QueryResourceManager):
    """Resource manager for RDS DB instances.
    """

    # Static description of the resource type.
    class resource_type(object):
        service = 'rds'
        type = 'db'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_db_instances', 'DBInstances', None)
        id = 'DBInstanceIdentifier'
        # Dotted value: presumably a path into the nested Endpoint record.
        name = 'Endpoint.Address'
# (excerpt begins inside a parenthesised import list)
    CrossAccountAccessFilter)
import c7n.filters.vpc as net_filters
from c7n.manager import resources
from c7n.resolver import ValuesFrom
from c7n.query import QueryResourceManager
from c7n import tags
from c7n.utils import (
    type_schema, local_session, chunks, generate_arn, get_retry,
    snapshot_identifier)

# Module logger, named 'custodian.redshift'.
log = logging.getLogger('custodian.redshift')

# Registries for the filters and actions of the 'redshift' resource.
filters = FilterRegistry('redshift.filters')
actions = ActionRegistry('redshift.actions')
filters.register('marked-for-op', tags.TagActionFilter)


# Registers the manager class under the resource name 'redshift'.
@resources.register('redshift')
class Redshift(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'redshift'
        type = 'cluster'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_clusters', 'Clusters', None)
        detail_spec = None
        # The same field serves as both display name and identifier.
        name = id = 'ClusterIdentifier'
        filter_name = 'ClusterIdentifier'
        filter_type = 'scalar'
        date = 'ClusterCreateTime'
        dimension = 'ClusterIdentifier'
# (excerpt begins inside a loop in a method whose def line is above this view)
            # self.groups is filled in by process() below; a
            # CacheSubnetGroupName missing from it raises KeyError here.
            group_ids.update([
                s['SubnetIdentifier'] for s in
                self.groups[r['CacheSubnetGroupName']]['Subnets']
            ])
        return group_ids

    def process(self, resources, event=None):
        """Index cache subnet groups by name, then run the parent's process().

        ``self.groups`` maps ``CacheSubnetGroupName`` to the group record
        returned by the 'cache-subnet-group' resource manager.
        """
        self.groups = {
            r['CacheSubnetGroupName']: r for r in
            self.manager.get_resource_manager(
                'cache-subnet-group').resources()
        }
        return super(SubnetFilter, self).process(resources, event)


# Adds the NetworkLocation filter to the registry as 'network-location'.
filters.register('network-location', net_filters.NetworkLocation)


# Registers the action class under the name 'delete'.
@actions.register('delete')
class DeleteElastiCacheCluster(BaseAction):
    """Action to delete an elasticache cluster

    To prevent unwanted deletion of elasticache clusters, it is recommended
    to include a filter

    :example:

    .. code-block:: yaml

            policies:
              - name: elasticache-delete-stale-clusters
import c7n.filters.vpc as net_filters
from datetime import datetime
from dateutil.tz import tzutc
from c7n import tags
from c7n.manager import resources
from c7n.query import QueryResourceManager, DescribeSource
from c7n.utils import local_session, chunks, type_schema, get_retry, worker
from c7n.resources.shield import IsShieldProtected, SetShieldProtection

# Module logger, named 'custodian.elb'.
log = logging.getLogger('custodian.elb')

# Registries for the filters and actions of the 'elb' resource.
filters = FilterRegistry('elb.filters')
actions = ActionRegistry('elb.actions')

# Each call adds a filter class to the registry under the given name.
filters.register('tag-count', tags.TagCountFilter)
filters.register('marked-for-op', tags.TagActionFilter)
filters.register('shield-enabled', IsShieldProtected)
filters.register('shield-metrics', ShieldMetrics)


# Registers the manager class under the resource name 'elb'.
@resources.register('elb')
class ELB(QueryResourceManager):

    # Static description of the resource type.
    class resource_type(object):
        service = 'elb'
        resource_type = 'elasticloadbalancing:loadbalancer'
        type = 'loadbalancer'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_load_balancers',
                     'LoadBalancerDescriptions', None)
        detail_spec = None
        id = 'LoadBalancerName'
from botocore.exceptions import ClientError

from c7n.manager import resources
from c7n.query import QueryResourceManager
from c7n import utils
from c7n import tags
from c7n.utils import get_retry, local_session, type_schema
from c7n.actions import ActionRegistry, BaseAction
from c7n.filters import FilterRegistry

# Module logger, named 'custodian.elasticbeanstalk'.
log = logging.getLogger('custodian.elasticbeanstalk')

# Registries named for Elastic Beanstalk environments. The application
# manager class below does not reference them within this excerpt.
env_filters = FilterRegistry('elasticbeanstalk-environment.filters')
env_actions = ActionRegistry('elasticbeanstalk-environment.actions')

# Each call adds a filter class to the registry under the given name.
env_filters.register('tag-count', tags.TagCountFilter)
env_filters.register('marked-for-op', tags.TagActionFilter)


# Registers the manager class under the resource name 'elasticbeanstalk'.
@resources.register('elasticbeanstalk')
class ElasticBeanstalk(QueryResourceManager):

    # Static description of the resource type.
    # NOTE(review): nesting is reconstructed from a whitespace-collapsed
    # excerpt; all attributes below are taken to belong to resource_type.
    class resource_type(object):
        service = 'elasticbeanstalk'
        # Presumably (client method, key of the result list, extra arguments);
        # the consumer of this tuple is outside the excerpt.
        enum_spec = ('describe_applications', 'Applications', None)
        name = "ApplicationName"
        id = "ApplicationName"
        dimension = None
        default_report_fields = (
            'ApplicationName', 'DateCreated', 'DateUpdated')
        filter_name = 'ApplicationNames'
        filter_type = 'list'