Three python diff libraries were evaluated for comparing resource revisions.
Additional a consideration of rolling our own thats specific to custodian's needs.
|(custodian)60f81dc15d88:custodian ylv522$ custodian run -c rule.yml -s out -v|
|2016-10-07 07:43:04,779: custodian.output:DEBUG Storing output with <DirectoryOutput to dir:out/sg-check>|
|2016-10-07 07:43:04,779: custodian.policy:INFO Provisioning policy lambda sg-check|
|2016-10-07 07:43:04,886: custodian.lambda:DEBUG Created custodian lambda archive size: 0.51mb|
|2016-10-07 07:43:05,210: custodian.lambda:INFO Publishing custodian policy lambda function custodian-sg-check|
|2016-10-07 07:43:09,103: custodian.lambda:DEBUG Publishing custodian lambda alias current|
|2016-10-07 07:43:09,823: custodian.lambda:DEBUG Adding config rule for custodian-sg-check|
|2016-10-07 07:43:10,253: custodian.lambda:DEBUG Added event source: <ConfigRule> to function: arn:aws:lambda:us-east-1:644160558196:function:custodian-sg-check:current|
|(custodian)60f81dc15d88:custodian ylv522$ cat rule.yml|
|diff --git a/c7n/resources/vpc.py b/c7n/resources/vpc.py|
|index bfc3793..4139f42 100644|
|@@ -12,6 +12,7 @@|
|# See the License for the specific language governing permissions and|
|# limitations under the License.|
|from botocore.exceptions import ClientError|
Examining opensource docker volumes for aws ebs support.
Key requirements in this case are simplicity, support for aws ebs volumes, with kms, snapshots, and use of instance roles for credentails.
Aka secure, encrypted, and with backups.
Ideally with some notion of zone awareness and distinguishing that on container move.