Relationship between the Cloud Custodian Lambda Function and the Cloudwatch Event Rule (Part 1)
How to solve the quota problem for CloudWatch event rules when deploying Cloud Custodian policies
Now that you have decided to use Cloud Custodian to manage your cloud governance, it is important to understand its components and how they work together. In this story we discuss the problem with CloudWatch event rules that arises when deploying policies, and the different approaches for overcoming it.
Take an example: a developer is deploying a policy to an AWS account to identify Redshift clusters that are publicly accessible. The policy runs periodically, every 3 days. We have also provided an exemption tag in case the organization has a reason to keep a cluster accessible to the public.
Example: identify publicly accessible AWS Redshift clusters

```yaml
policies:
  - name: redshift-cluster-publicly-accessible
    resource: aws.redshift
    comments: |
      Find Redshift clusters that are publicly accessible. This is a
      notify only policy. The policy runs every 3 days.
    filters:
      # Skip clusters the organization has explicitly exempted
      - "tag:redshift-publicly-accessible-exempt": absent
      - PubliclyAccessible: true
    mode:
      # periodic mode deploys a Lambda function plus a scheduled CloudWatch event rule
      type: periodic
      schedule: "rate(3 days)"
      execution-options…
```
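Every policy deployed in a Lambda-backed mode such as `periodic` provisions its own CloudWatch event rule, so a large policy set can hit the per-region rule quota. The following pre-deployment check is an added example, not code from the article or from Cloud Custodian itself: it counts the rules a set of policies (written as Python dicts mirroring the YAML) would create per target region and flags regions that would exceed the quota. The set of rule-creating modes and the default quota of 300 rules per region are assumptions from AWS and Custodian documentation; verify them in Service Quotas for your account.

```python
"""Pre-deployment check: CloudWatch event rules that Cloud Custodian
policies would create per region, compared against the rule quota."""

# Lambda-backed modes that provision one CloudWatch event rule per policy
# (assumption: 'pull' runs locally and creates nothing; 'config-rule'
# creates an AWS Config rule rather than a CloudWatch event rule).
RULE_CREATING_MODES = {
    "periodic", "cloudtrail", "ec2-instance-state",
    "asg-instance-state", "guard-duty", "phd",
}

# Assumed default quota (rules per event bus per region); adjustable via Service Quotas.
DEFAULT_RULES_PER_REGION = 300


def creates_event_rule(policy):
    """True if deploying this policy provisions a CloudWatch event rule."""
    mode = policy.get("mode") or {}
    return mode.get("type") in RULE_CREATING_MODES


def rules_per_region(policies, regions, existing=None):
    """Projected rule count per region, including rules already deployed there."""
    existing = existing or {}
    new_rules = sum(1 for p in policies if creates_event_rule(p))
    return {r: existing.get(r, 0) + new_rules for r in regions}


def check_quota(policies, regions, existing=None, quota=DEFAULT_RULES_PER_REGION):
    """Return (region, projected_count, quota) for every region that would exceed the quota."""
    projected = rules_per_region(policies, regions, existing)
    return [(r, n, quota) for r, n in projected.items() if n > quota]


# Constructed sample: the article's Redshift policy, a pull-mode policy, and a cloudtrail policy
SAMPLE_POLICIES = [
    {"name": "redshift-cluster-publicly-accessible", "resource": "aws.redshift",
     "filters": [{"tag:redshift-publicly-accessible-exempt": "absent"},
                 {"PubliclyAccessible": True}],
     "mode": {"type": "periodic", "schedule": "rate(3 days)"}},
    {"name": "s3-inventory", "resource": "aws.s3"},  # pull mode: no rule created
    {"name": "ec2-tag-on-launch", "resource": "aws.ec2",
     "mode": {"type": "cloudtrail", "events": ["RunInstances"]}},
]

if __name__ == "__main__":
    # Constructed: 299 rules already exist in us-east-1 from earlier deployments
    over = check_quota(SAMPLE_POLICIES, ["us-east-1", "eu-west-1"], existing={"us-east-1": 299})
    for region, count, quota in over:
        print(f"{region}: {count} rules would exceed the quota of {quota}")
```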