Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/matthewdeanmartin/c7n_make
An opinionated Cloud Custodian build script with examples
Last synced: 18 days ago
- Host: GitHub
- URL: https://github.com/matthewdeanmartin/c7n_make
- Owner: matthewdeanmartin
- License: apache-2.0
- Created: 2024-10-18T13:48:57.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-11-28T16:58:47.000Z (about 1 month ago)
- Last Synced: 2024-11-28T17:35:52.314Z (about 1 month ago)
- Language: Python
- Size: 101 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# c7n_make
An opinionated Cloud Custodian build script with examples

## Goals
- Some guidance for creating policy files.
- Folder structure
- Naming conventions

Testing
- Localstack and moto testing
- End-to-end testing
- Plugin development

Scripts
- Build scripts (are the artifacts good? Interpolate variables, set defaults, merge)
- Deployment scripts (Send to a custodian runner)

## Structure for policy
- The policy file
- The CC teardown file
- A pytest unit test and fixture to provision the resources, run the policy, assert, and then teardown.

## Structure for a policy collection
- A folder for each policy
- Some sort of templating strategy for creating slightly different versions, e.g. development/production
- TBD: yq? other?
- Development here can have two meanings: a place to prove your policies, but also the environment where the
enterprise develops other applications, which might have different levels of strictness.

## Policy Linting
- One policy per file. Policies can be compiled into a single file.
- The name should match the policy.
- Description should be present.

## Build checks
- Validate yaml
- Lint yaml with yamllint.
- Lint with AI
- Validate policy against schema.

## Testing
- Tests need to be able to create infrastructure and tear it down.
- There isn't a one size fits all way to create infrastructure.
- Cloud Custodian can't create resources, but it can tear down a lot of resources.
- Each policy needs at least two tests, a pass and a fail.
- Running on real AWS costs money, so tests should be equally happy to run on

## License
Some code copy-pasted from the Cloud Custodian project, see source file header.
Rest of code is Apache license for compatibility.