View lambda-data.yml
- name: all-lambdas
resource: lambda
- name: custodian-lambdas
resource: lambda
- type: value
key: FunctionName
value: "^custodian*"
View foo.yml
- name: aws-cloudtrail-not-enabled
resource: account
region: us-east-1
- level:high
description: |
Policy scans for accounts which do not have CloudTrails enabled in the current region
- type: check-cloudtrail

Three Python diff libraries were evaluated for comparing resource revisions.

  • jsonpatch
  • dictdiffer
  • DeepDiff

Additionally, a consideration of rolling our own that's specific to Custodian's needs.


View gist:a4b0e8ff8ae1342e00568311e0bbca13
(custodian)60f81dc15d88:custodian ylv522$ custodian run -c rule.yml -s out -v
2016-10-07 07:43:04,779: custodian.output:DEBUG Storing output with <DirectoryOutput to dir:out/sg-check>
2016-10-07 07:43:04,779: custodian.policy:INFO Provisioning policy lambda sg-check
2016-10-07 07:43:04,886: custodian.lambda:DEBUG Created custodian lambda archive size: 0.51mb
2016-10-07 07:43:05,210: custodian.lambda:INFO Publishing custodian policy lambda function custodian-sg-check
2016-10-07 07:43:09,103: custodian.lambda:DEBUG Publishing custodian lambda alias current
2016-10-07 07:43:09,823: custodian.lambda:DEBUG Adding config rule for custodian-sg-check
2016-10-07 07:43:10,253: custodian.lambda:DEBUG Added event source: <ConfigRule> to function: arn:aws:lambda:us-east-1:644160558196:function:custodian-sg-check:current
(custodian)60f81dc15d88:custodian ylv522$ cat rule.yml
View cidr_refactor.diff
diff --git a/c7n/resources/ b/c7n/resources/
index bfc3793..4139f42 100644
--- a/c7n/resources/
+++ b/c7n/resources/
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from botocore.exceptions import ClientError
View network-eni.yml
- resource: eni
name: all-nics
- resource: eni
description: Amazon ELB
name: elb-nics
- RequesterManaged: true

Docker Volumes

Examining open-source Docker volumes for AWS EBS support.

Key requirements in this case are simplicity, support for AWS EBS volumes with KMS, snapshots, and use of instance roles for credentials.

Aka secure, encrypted, and with backups.

Ideally with some notion of zone awareness and distinguishing that on container move.

View gist:c386867f209ac1b55d33b8817c9b3f91
(custodian)60f81dc15d88:c7n ylv522$ git diff
diff --git a/c7n/ b/c7n/
index a24e1d6..e83fa32 100644
--- a/c7n/
+++ b/c7n/
@@ -289,11 +289,15 @@ class Tag(Action, ResourceTag):
batch_size ='batch_size', self.batch_size)
+ id_key = self.manager.get_model().id
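Review bot: the added `id_key = self.manager.get_model().id` lookup has no fallback, so a resource model that does not define `id` will raise AttributeError at this line. Either state in the `Tag` docstring that every taggable resource model must define `id`, or use `getattr` and raise an error that names the resource type. A one-line comment saying what `id_key` is for would also help, since the visible lines do not show where it is used.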
View metrics.rst
Metrics Filters
Supports CloudWatch metrics filters on resources.
Docs on CloudWatch metrics

Hosted Drone with commercial subscription

Automatic Discovery... I don't have organization access to accept the integration, i.e. No organization access granted, access requested.

Using the manual add with capitalone/cloud-custodian

Status Code:500 Internal Server Error
Not Found