Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jimrazmus/c7n-policies
Cloud Custodian Policies for Automated Amazon Resource Management
amazon-web-services automation cis cloud-custodian cloudformation compliance governance python
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/jimrazmus/c7n-policies
- Owner: jimrazmus
- License: mit
- Created: 2017-10-29T21:21:05.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-09-03T20:36:17.000Z (about 5 years ago)
- Last Synced: 2024-06-28T08:35:14.789Z (5 months ago)
- Topics: amazon-web-services, automation, cis, cloud-custodian, cloudformation, compliance, governance, python
- Language: Python
- Homepage:
- Size: 132 KB
- Stars: 59
- Watchers: 9
- Forks: 30
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Cloud Custodian Policies
[![CircleCI](https://circleci.com/gh/jimrazmus/c7n-policies/tree/master.svg?style=svg)](https://circleci.com/gh/jimrazmus/c7n-policies/tree/master)
This repo contains policy documents that Cloud Custodian will consume.
Cloud Custodian is a tool that unifies the dozens of tools and scripts most organizations use for managing their AWS accounts into one open source tool. It’s a stateless rules engine for policy definition and enforcement, with metrics and detailed reporting for AWS.
Read the [Cloud Custodian documentation](http://www.capitalone.io/cloud-custodian/docs/) for more details.
## Policy Validation
Policies are automatically validated via [CircleCI](https://circleci.com/gh/jimrazmus/c7n-policies/tree/master). It runs Cloud Custodian in a Docker container that includes:
* Python version 2.7.14
* Cloud Custodian version 0.8.44.2

## AWS Account Installation
Use CloudFormation with these templates as a reference for creating the message queues and the role that the Lambdas run under:
* [c7nSQSMessageQueues-CloudFormation.yml](c7n-core/c7nSQSMessageQueues-CloudFormation.yml)
* [c7nLambdaExecutionRole-CloudFormation.yml](c7n-core/c7nLambdaExecutionRole-CloudFormation.yml)

## Policy Anatomy
One or more policies are defined in a YAML file. A policy specifies the following items:
* The type of resource to run the policy against
* Filters to select the set of target resources
* Actions to take on the filtered set of resources

Policies can be run from your laptop or as AWS Lambdas.
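
A minimal policy file showing these three parts and both run modes, added here as an illustration and not taken from this repository. The policy names, the role ARN and the `c7n_status` tag are placeholders.

```yaml
policies:
  # Pull mode: no "mode" block, so the policy is evaluated only when
  # `custodian run` is invoked, for example from a laptop.
  - name: ebs-unencrypted-report            # hypothetical policy name
    resource: ebs                           # type of resource to run against
    filters:                                # select the target resources
      - Encrypted: false
    # No actions: matched volumes are only written to the run's output directory.

  # Lambda mode: Cloud Custodian deploys the policy as a scheduled AWS Lambda.
  - name: ebs-unattached-mark-for-delete    # hypothetical policy name
    resource: ebs
    mode:
      type: periodic
      schedule: "rate(1 day)"
      # Placeholder ARN; use the role created for the Lambdas in your account.
      role: arn:aws:iam::123456789012:role/EXAMPLE-c7n-lambda-role
    filters:
      - State: available                    # volume is not attached to an instance
      - "tag:c7n_status": absent            # skip volumes that are already marked
    actions:                                # applied to the filtered set
      - type: mark-for-op
        tag: c7n_status
        op: delete
        days: 7
```

Running `custodian validate` against the file checks it against the policy schema before anything is deployed.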