Skip to content

Instantly share code, notes, and snippets.

Created Apr 19, 2019
What would you like to do?
Run a Cloud Custodian policy file from a Python script. Most useful perhaps to be able to run Cloud Custodian from AWS Lambda.
import os
import logging
from c7n.commands import run
from c7n.config import Config
logger = logging.getLogger()
# Capture our current directory
THIS_DIR = os.path.dirname(os.path.abspath(__file__))
OUT_DIR = '/tmp'
assumed_role = 'arn:aws:iam::{{ account_id }}:{{ target_role }}'
filename = 'my-policy.yml'
default_c7n_config = {
'skip-validation': True,
'vars': None,
'debug': True,
'assume': assumed_role,
'output_dir': os.path.join(OUT_DIR, 'out'),
'region': 'us-east-1',
'configs': [filename]
run_config = Config.empty(**default_c7n_config)'Running policy: ' + filename)
Copy link

pavantheavenger commented Jul 25, 2022

Hello there,

It's really great, your script have helped me out a lot.

I have made few modifications to the same code so that it can be ran using c7n_org module where we can run it onto multiple accounts and regions accordingly.

Can you please correct my modifications so that it would be executable on c7n_org as well.

Error Msg I am getting is :
Error: Missing option '-c' / '--config'.

Thank You !



Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment