Cloud Custodian [GZ] Output Files
Let’s understand the output produced by Cloud Custodian
In this story, we will discuss the output produced when a Cloud Custodian policy is executed. For the purpose of the story, we will assume that readers already have basic knowledge of Cloud Custodian.
Let’s understand this with an example policy and scenario:
policies:
  - name: sec-n-elb-internet-facing
    resource: aws.elb
    description: |
      This policy identifies all Load Balancers that are facing the
      Internet.
    filters:
      - Scheme: internet-facing
    mode:
      type: periodic
      schedule: "rate(3 days)"
      execution-options:
        output_dir: s3://example-bucket/cclogs/policy/{account_id}
      runtime: python3.8
The Custodian policy above targets ELB and identifies all existing load balancers that face the Internet. We use the “periodic” execution mode and schedule the policy to run once every 3 days. Custodian sends its output to an S3 bucket; the S3 path given in the policy tells Custodian where to drop the results. The IAM role that Custodian uses must have permission to write files to that bucket.
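Once a run has written its files to the bucket, the matched resources can be read back and checked against the policy's filter. This is an added example, not code from the original story: it assumes Cloud Custodian's `resources.json` file (the matched resources, stored gzip-compressed in S3) has already been downloaded, and the sample records and function names are constructed for illustration.

```python
import gzip
import json
import zlib

# Constructed sample: two records shaped like classic ELB descriptions,
# standing in for the contents of a downloaded resources.json.gz.
SAMPLE_RESOURCES = [
    {"LoadBalancerName": "web-public", "Scheme": "internet-facing",
     "DNSName": "web-public-1.example.elb.amazonaws.com"},
    {"LoadBalancerName": "api-public", "Scheme": "internet-facing",
     "DNSName": "api-public-2.example.elb.amazonaws.com"},
]
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_RESOURCES).encode("utf-8"))


def load_resources(blob: bytes) -> list:
    """Decompress and parse one gzip-compressed resources.json payload."""
    try:
        text = gzip.decompress(blob).decode("utf-8")
    except (OSError, EOFError, zlib.error, UnicodeDecodeError) as exc:
        # Covers a non-gzip upload, a truncated download and corrupt data.
        raise ValueError(f"not a readable gzip JSON file: {exc}") from exc
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of matched resources")
    return data


def summarize(resources: list, expected_scheme: str = "internet-facing") -> dict:
    """Split records into those matching the policy filter and unexpected ones."""
    matched, unexpected = [], []
    for res in resources:
        name = res.get("LoadBalancerName", "<unnamed>")
        if res.get("Scheme") == expected_scheme:
            matched.append((name, res.get("DNSName", "")))
        else:
            unexpected.append(name)
    return {"matched": sorted(matched), "unexpected": sorted(unexpected)}


if __name__ == "__main__":
    report = summarize(load_resources(SAMPLE_GZ))
    for name, dns in report["matched"]:
        print(f"internet-facing ELB: {name} ({dns})")
    if report["unexpected"]:
        print("records not matching the filter:", report["unexpected"])
```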
Which execution mode schema supports the option to have the output sent to a directory, say an S3 bucket?
From the above policy example, you can see that we are declaring the output directory within the policy itself as…