Last active
March 27, 2018 21:12
-
-
Save jtroberts83/f2073ba8b8889106aae5c26ba07ba9aa to your computer and use it in GitHub Desktop.
Terminate EC2 Instances Stopped For 60 Days or More
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| policies: | |
| - name: ec2-mark-stopped-instance-realtime | |
| tags: [Realtime,Tag] | |
| resource: ec2 | |
| mode: | |
| type: cloudtrail | |
| events: | |
| - source: ec2.amazonaws.com | |
| event: StopInstances | |
| ids: "responseElements.instancesSet.items[].instanceId" | |
| description: | | |
| Mark the instance that was just stopped for deletion in 60 days | |
| if not started again in the meantime for patching which is | |
| similar to internal policies as it wont be patched. | |
| It also Tags the user who last stopped the instance | |
| filters: | |
| - "tag:c7n_stopped_instance": absent | |
| - not: | |
| - "tag:ServerStoppedBy": "custodian-agt-ec2-offhours-stop" | |
| actions: | |
| - type: mark-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| days: 60 | |
| - type: auto-tag-user | |
| tag: ServerStoppedBy | |
| - name: ec2-unmark-running-deletion-realtime | |
| tags: [Realtime,Tag] | |
| resource: ec2 | |
| mode: | |
| type: cloudtrail | |
| events: | |
| - source: ec2.amazonaws.com | |
| event: StartInstances | |
| ids: "responseElements.instancesSet.items[].instanceId" | |
| description: | | |
| Unmark/untag the ec2 instance that was just started if it was | |
| scheduled for deletion due to being stopped. It also | |
| Tags server with who started it last | |
| actions: | |
| - type: unmark | |
| tags: ["c7n_stopped_instance"] | |
| - type: auto-tag-user | |
| tag: ServerStartedBy | |
| - name: ec2-notify-before-delete-marked-14-days | |
| tags: [Pull,NotifyCloud,NotifyCustomer] | |
| resource: ec2 | |
| description: | | |
| Notify on any ec2 instances that will be deleted in 14 days if not started | |
| comments: | | |
| Your EC2 server will be terminated in 14 days if not started and patched by then. | |
| Please start your stopped servers and install all patches. After patching is complete you may power off your server again. | |
| filters: | |
| - type: marked-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| skew: 14 | |
| actions: | |
| - type: notify | |
| template: default.html | |
| priority_header: 2 | |
| subject: "EC2 Stopped Instance Termination Scheduled! [custodian {{ account }} - {{ region }}]" | |
| violation_desc: "EC2(s) have been in a stopped state for 45 days and at 60 days will be termianted:" | |
| action_desc: "Actions Taken: Notification Only" | |
| to: | |
| - CloudCustodian@Company.com | |
| - resource-owner | |
| transport: | |
| type: sqs | |
| queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/cloud-custodian-mailer | |
| region: us-east-1 | |
| - name: ec2-notify-before-delete-marked-7-days | |
| tags: [Pull,NotifyCloud,NotifyCustomer] | |
| resource: ec2 | |
| description: | | |
| Notify on any ec2 instances that will be deleted in 7 days if not started | |
| comments: | | |
| Your EC2 server will be terminated in 7 days if not started and patched by then. | |
| Please start your stopped servers and install all patches. After patching is complete you may power off your server again. | |
| filters: | |
| - type: marked-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| skew: 7 | |
| actions: | |
| - type: notify | |
| template: default.html | |
| priority_header: 1 | |
| subject: "EC2 Stopped Instance Termination Scheduled! [custodian {{ account }} - {{ region }}]" | |
| violation_desc: "EC2(s) have been in a stopped state for 53 days and at 60 days will be termianted:" | |
| action_desc: "Actions Taken: Notification Only" | |
| to: | |
| - CloudCustodian@Company.com | |
| - resource-owner | |
| transport: | |
| type: sqs | |
| queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/cloud-custodian-mailer | |
| region: us-east-1 | |
| - name: ec2-notify-before-delete-marked-1-days | |
| tags: [Pull,NotifyCloud,NotifyCustomer] | |
| resource: ec2 | |
| description: | | |
| Notify on any ec2 instances that will be deleted in 1 days if not started | |
| comments: | | |
| Your EC2 server will be terminated in 1 days if not started and patched by then. | |
| Please start your stopped servers and install all patches. After patching is complete you may power off your server again. | |
| filters: | |
| - type: marked-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| skew: 1 | |
| actions: | |
| - type: notify | |
| template: default.html | |
| priority_header: 1 | |
| subject: "EC2 Stopped Instance Termination Scheduled tomorrow! [custodian {{ account }} - {{ region }}]" | |
| violation_desc: "EC2(s) have been in a stopped state for 59 days and at 60 days will be termianted:" | |
| action_desc: "Actions Taken: Notification Only" | |
| to: | |
| - CloudCustodian@Company.com | |
| - resource-owner | |
| transport: | |
| type: sqs | |
| queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/cloud-custodian-mailer | |
| region: us-east-1 | |
| - name: ec2-delete-marked | |
| tags: [Pull,Delete,NotifyCloud,NotifyCustomer] | |
| resource: ec2 | |
| description: | | |
| Notify on any ec2 instances that were scheduled | |
| for deletion if its been stopped for 60 days | |
| and no longer up-to-date on patching. | |
| comments: Your EC2 server has been terminated due to being offline for 60 days. | |
| filters: | |
| - type: marked-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| - "tag:ResourceContact": present | |
| actions: | |
| - type: terminate | |
| force: true | |
| - type: notify | |
| template: default.html | |
| priority_header: 1 | |
| subject: "EC2 Stopped Instance Tagged [custodian {{ account }} - {{ region }}]" | |
| violation_desc: "EC2(s) have been stopped for 60 days:" | |
| action_desc: "Actions Taken: The EC2(s) have been terminated as their patching is out-of-date" | |
| to: | |
| - CloudCustodian@Company.com | |
| - resource-owner | |
| transport: | |
| type: sqs | |
| queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/cloud-custodian-mailer | |
| region: us-east-1 | |
| - name: ec2-stopped-over-60days-instance-no-contact | |
| tags: [Pull,NotifyCloud] | |
| resource: ec2 | |
| description: | | |
| Notify on any ec2 instances that were scheduled | |
| for deletion if its been stopped for 60 days | |
| and no longer up-to-date on patching. | |
| comments: SERVERS NEED DELETING BUT NO RESOURCE CONTACT PRESENT. | |
| filters: | |
| - type: marked-for-op | |
| tag: c7n_stopped_instance | |
| op: terminate | |
| - "tag:ResourceContact": absent | |
| actions: | |
| - type: notify | |
| template: default.html | |
| priority_header: 1 | |
| subject: "OLD EC2 NO CONTACT TAG[custodian {{ account }} - {{ region }}]" | |
| violation_desc: "The following EC2 instances have been stopped for over 60 days and would normally be deleted by Cloud Custodian but there are no Resource Contact tags:" | |
| action_desc: "Please investigate and notify the servers owners to add tags and start and patch their servers." | |
| to: | |
| - CloudCustodian@Company.com | |
| transport: | |
| type: sqs | |
| queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/cloud-custodian-mailer | |
| region: us-east-1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment