Serverless — Cloud Custodian setup on AWS Lambda

Abhishek Jain
Jun 24, 2018

Prerequisites:

IAM Role:

IAM User:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::1234567890:role/lambda_basic_execution"
    }
  ]
}

Install Cloud Custodian:

export AWS_ACCESS_KEY_ID=<ACCESS_KEY>
export AWS_SECRET_ACCESS_KEY=<SECRET_KEY>
export AWS_DEFAULT_REGION=<REGION>
pip install c7n
custodian version

# policy.yml
policies:
  - name: owner-tag-compliance
    mode:
      type: periodic
      schedule: rate(1 hour)
      role: arn:aws:iam::1234567890:role/Custodian-tag-compliance-role
    resource: ec2
    description: |
      Schedule a resource that does not meet tag compliance policies
      to be stopped in four days.
    filters:
      - State.Name: running
      - "tag:Owner": absent
    # stop is applied on each scheduled run; nothing in this policy delays it
    actions:
      - stop

custodian run -s . policy.yml
custodian -h
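
An added example, not part of the original article: a pre-deployment check that the IAM user's iam:PassRole statement covers the role named in each policy's mode block. It uses the two ARNs exactly as they appear above, which do not match; the function names are illustrative, and the matching is simplified (Deny, NotAction, NotResource and Condition are ignored).

```python
import json
from fnmatch import fnmatchcase

# Values copied from the article. The relevant part of policy.yml is embedded
# as a dict so the example needs no YAML library.
USER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "iam:PassRole",
    "Resource": "arn:aws:iam::1234567890:role/lambda_basic_execution"}]
}""")
CUSTODIAN_POLICIES = {"policies": [{
    "name": "owner-tag-compliance",
    "mode": {"type": "periodic", "schedule": "rate(1 hour)",
             "role": "arn:aws:iam::1234567890:role/Custodian-tag-compliance-role"},
}]}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def passrole_allowed(iam_policy, role_arn):
    """True if some Allow statement grants iam:PassRole on role_arn.

    Simplified matching: case-insensitive action globs, case-sensitive
    resource globs. Deny, NotAction, NotResource and Condition are ignored.
    """
    for stmt in as_list(iam_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        action_ok = any(fnmatchcase("iam:passrole", a) for a in actions)
        resource_ok = any(fnmatchcase(role_arn, r) for r in as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


def unpassable_roles(custodian, iam_policy):
    """Return (policy name, role ARN) pairs the user could not pass to Lambda."""
    return [(p["name"], p["mode"]["role"]) for p in custodian.get("policies", [])
            if "role" in p.get("mode", {}) and not passrole_allowed(iam_policy, p["mode"]["role"])]


if __name__ == "__main__":
    for name, role in unpassable_roles(CUSTODIAN_POLICIES, USER_POLICY):
        print(f"{name}: iam:PassRole not granted on {role}")
```

A non-empty result means the deploying user needs a PassRole grant scoped to that specific role ARN, rather than a wildcard on all roles.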
