Skip to content

Instantly share code, notes, and snippets.

Created Apr 19, 2019
What would you like to do?
Run a Cloud Custodian policy file from a Python script. Most useful perhaps to be able to run Cloud Custodian from AWS Lambda.
import os
import logging
from c7n.commands import run
from c7n.config import Config
logger = logging.getLogger()
# Capture our current directory
THIS_DIR = os.path.dirname(os.path.abspath(__file__))
OUT_DIR = '/tmp'
assumed_role = 'arn:aws:iam::{{ account_id }}:{{ target_role }}'
filename = 'my-policy.yml'
default_c7n_config = {
'skip-validation': True,
'vars': None,
'debug': True,
'assume': assumed_role,
'output_dir': os.path.join(OUT_DIR, 'out'),
'region': 'us-east-1',
'configs': [filename]
run_config = Config.empty(**default_c7n_config)'Running policy: ' + filename)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment