Run a Cloud Custodian policy file from a Python script. Most useful perhaps to be able to run Cloud Custodian from AWS Lambda.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import logging | |
from c7n.commands import run | |
from c7n.config import Config | |
logger = logging.getLogger() | |
logger.setLevel(logging.INFO) | |
# Capture our current directory | |
THIS_DIR = os.path.dirname(os.path.abspath(__file__)) | |
OUT_DIR = '/tmp' | |
assumed_role = 'arn:aws:iam::{{ account_id }}:{{ target_role }}' | |
filename = 'my-policy.yml' | |
default_c7n_config = { | |
'skip-validation': True, | |
'vars': None, | |
'debug': True, | |
'assume': assumed_role, | |
'output_dir': os.path.join(OUT_DIR, 'out'), | |
'region': 'us-east-1', | |
'configs': [filename] | |
} | |
run_config = Config.empty(**default_c7n_config) | |
logger.info('Running policy: ' + filename) | |
run(run_config) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello there,
It's really great, your script have helped me out a lot.
I have made few modifications to the same code so that it can be ran using c7n_org module where we can run it onto multiple accounts and regions accordingly.
Can you please correct my modifications so that it would be executable on c7n_org as well.
Error Msg I am getting is :

Error: Missing option '-c' / '--config'.
Thank You !
Regards
Pavan