
Hands-On using simple Cloud Custodian policies

License: The Unlicense

Cloud Custodian Hands-on

Prerequisites

  1. AWS account
  2. AWS Access Key ID and Secret Key
  3. python2
  4. virtualenv and pip
  5. IAM role for AWS Lambda with "AdministratorAccess" policy attached

Install Cloud Custodian and create CloudTrail Trail

1. Clone git repository

git clone git@github.com:obounaim/cloud-custodian-hands-on.git
cd cloud-custodian-hands-on

2. Create Cloud Custodian virtual environment

virtualenv -p /usr/bin/python2 c7n_venv
source c7n_venv/bin/activate
pip install c7n

3. Create a CloudTrail trail that delivers its logs to an S3 bucket

See the AWS documentation.

Cloud Custodian basic commands

Get Cloud Custodian command help

custodian --help
custodian run --help

Get Cloud Custodian schema

Example with the ec2 resource:

custodian schema aws.ec2 
custodian schema aws.ec2.actions
custodian schema aws.ec2.filters 

Deploy/Run Cloud Custodian policy

custodian run policy.yml --output-dir logs/
custodian run policy.yml --output-dir logs/ --profile aws_dev_account

Disable Cloud Custodian cache

custodian run policy.yml --output-dir logs/ --cache-period 0

Hands-On

Policy examples are in the "examples" folder:

cd examples
mkdir logs

1. Basic mode policy

basic_mode.yml

2. CloudTrail mode policy

cloudtrail_mode.yml

3. Periodic mode policy

periodic_mode.yml

4. Disable/Delete CloudTrail Trail and all other resources
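
The three execution modes from steps 1 to 3, side by side in one policy file. This is an added example, not the contents of the repository's basic_mode.yml, cloudtrail_mode.yml or periodic_mode.yml; the policy names, the Owner tag and the role ARN (a placeholder account ID and role name) are assumptions.

```yaml
# Added example: one EC2 tagging rule expressed in each execution mode.
# Policy names, the "Owner" tag and the role ARN are assumptions (placeholders).
policies:
  # Basic (pull) mode: no "mode" block. The policy runs once, from the
  # machine where "custodian run" is invoked, with the caller's credentials.
  - name: ec2-missing-owner-tag-pull
    resource: aws.ec2
    filters:
      - "tag:Owner": absent
    # No actions: matching instances are only written to the output dir.

  # CloudTrail mode: Custodian deploys a Lambda function that is triggered
  # by the RunInstances API call recorded by CloudTrail, so a new untagged
  # instance is evaluated shortly after launch.
  - name: ec2-missing-owner-tag-cloudtrail
    resource: aws.ec2
    mode:
      type: cloudtrail
      # Lambda execution role from the prerequisites (placeholder ARN).
      role: arn:aws:iam::123456789012:role/CustodianLambdaRole
      events:
        - RunInstances
    filters:
      - "tag:Owner": absent
    actions:
      # Tag the instance for a delayed stop instead of stopping it at once,
      # which leaves the owner one day to add the tag.
      - type: mark-for-op
        op: stop
        days: 1

  # Periodic mode: Custodian deploys a Lambda function on a schedule.
  # It stops instances whose mark has come due and that are still untagged.
  - name: ec2-stop-marked-periodic
    resource: aws.ec2
    mode:
      type: periodic
      role: arn:aws:iam::123456789012:role/CustodianLambdaRole
      schedule: "rate(1 day)"
    filters:
      - type: marked-for-op
        op: stop
      - "tag:Owner": absent
    actions:
      - stop
```

Running this file with the custodian run command shown earlier executes the first policy locally and deploys the other two as Lambda functions that run under the given role.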