kapilt/network-eni.yml

## network-eni.yml
policies:

 - resource: eni
   name: all-nics

 - resource: eni
   description: Amazon ELB
   name: elb-nics
   filters:
    - RequesterManaged: true
    - "Attachment.InstanceOwnerId": "amazon-elb"

 - resource: eni
   name: rds-nics
   filters:
    - RequesterManaged: true
    - "Attachment.InstanceOwnerId": "amazon-rds"

 - resource: eni
   name: cache-nics
   filters:
    - RequesterManaged: true
    - "Attachment.InstanceOwnerId": "amazon-elasticache"

 - resource: eni
   name: nat-nics
   filters:
    - RequesterManaged: true
    - "Attachment.InstanceOwnerId": "amazon-aws"

 - resource: eni
   name: redshift-nics
   filters:
    - RequesterManaged: true
    - "Attachment.InstanceOwnerId": "amazon-redshift"

 - resource: eni
   name: amazon-unattached
   filters:
    - RequesterManaged: true
    - Attachment: absent
    - type: value
      key: "Attachment.InstanceOwnerId"
      op: not-in
      value:
        - "amazon-rds"
        - "amazon-elb"
        - "amazon-elasticache"
        - "amazon-aws" # primarily nat gateway afaics
        - "amazon-redshift"

 - resource: eni
   name: amazon-nics
   filters:
    - RequesterManaged: true
    - type: value
      key: "Attachment.InstanceOwnerId"
      op: not-in
      value:
        - "amazon-rds"
        - "amazon-elb"
        - "amazon-elasticache"
        - "amazon-aws" # primarily nat gateway afaics
        - "amazon-redshift"

 - resource: lambda
   name: vpc-lambdas
   filters:
     - VpcConfig: not-null
	policies:

	- resource: eni
	name: all-nics

	- resource: eni
	description: Amazon ELB
	name: elb-nics
	filters:
	- RequesterManaged: true
	- "Attachment.InstanceOwnerId": "amazon-elb"

	- resource: eni
	name: rds-nics
	filters:
	- RequesterManaged: true
	- "Attachment.InstanceOwnerId": "amazon-rds"

	- resource: eni
	name: cache-nics
	filters:
	- RequesterManaged: true
	- "Attachment.InstanceOwnerId": "amazon-elasticache"

	- resource: eni
	name: nat-nics
	filters:
	- RequesterManaged: true
	- "Attachment.InstanceOwnerId": "amazon-aws"

	- resource: eni
	name: redshift-nics
	filters:
	- RequesterManaged: true
	- "Attachment.InstanceOwnerId": "amazon-redshift"

	- resource: eni
	name: amazon-unattached
	filters:
	- RequesterManaged: true
	- Attachment: absent
	- type: value
	key: "Attachment.InstanceOwnerId"
	op: not-in
	value:
	- "amazon-rds"
	- "amazon-elb"
	- "amazon-elasticache"
	- "amazon-aws" # primarily nat gateway afaics
	- "amazon-redshift"

	- resource: eni
	name: amazon-nics
	filters:
	- RequesterManaged: true
	- type: value
	key: "Attachment.InstanceOwnerId"
	op: not-in
	value:
	- "amazon-rds"
	- "amazon-elb"
	- "amazon-elasticache"
	- "amazon-aws" # primarily nat gateway afaics
	- "amazon-redshift"

	- resource: lambda
	name: vpc-lambdas
	filters:
	- VpcConfig: not-null