Last active
September 2, 2020 16:09
-
-
Save rubendob/1bfd7efa431d851f3f690a465d1fb25e to your computer and use it in GitHub Desktop.
CloudCustodian Tagging Simple Policy - How write simple policy, execute and report by command line
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
policies: | |
- name: ec2-tag-policy | |
resource: aws.ec2 | |
filters: | |
- or: | |
- "tag:Project": absent | |
- "tag:Team": absent |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
One thing we must remember is the report sub command only supports one kind of resource, not multiples.
Here we can see there are at least 125 EC2 which are no compliance based on the policy we already have wroted
Command will return a grid using the --format grid option
More examples, this time of security groups unused