Writing the Cloud Custodian Policy, Validate, Run, and Reporting
A powerful open-source tool to govern your public cloud resources
This is a quick story in which we cover how to install Cloud Custodian, write a policy in YAML, validate the policy for syntax errors, run/deploy it, and understand the gzipped output files.
Install the Cloud Custodian on your local machine
We have covered the installation of Cloud Custodian in another story: https://ismsguy.medium.com/what-is-a-cloud-custodian-c33b37b6060
Writing Cloud Custodian Policy
Cloud Custodian policies are written in YAML. You can use the Visual Studio Code editor to write the policy and save it on your local machine. The next step is to validate the policy so that syntax and schema errors are caught before you run it.
Example: identify AWS Redshift clusters that are publicly accessible

```yaml
policies:
  - name: redshift-cluster-publicly-accessible
    resource: aws.redshift
    comments: |
      Find Redshift clusters that are publicly accessible. This is a
      notify only policy. The policy runs once every 24 hours.
    filters:
      - "tag:redshift-publicly-accessible-exempt": absent
      - PubliclyAccessible: true
    mode:
      type: periodic
      schedule: "rate(24 hours)"
      …
```
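To see how the two filters in this policy combine, here is a small added example (not Cloud Custodian code) that mirrors the filter logic on constructed describe-clusters output. Cloud Custodian ANDs top-level filters, so a cluster is flagged only when it is publicly accessible and carries no exemption tag; the cluster names and tag value below are made up.

```python
"""Mirror of the Redshift public-access policy's filter logic on constructed
describe-clusters output (added example, not Cloud Custodian's own code)."""

# Filters transcribed from the policy above; each list item is one filter.
POLICY_FILTERS = [
    {"tag:redshift-publicly-accessible-exempt": "absent"},
    {"PubliclyAccessible": True},
]

# Constructed sample resources shaped like AWS describe_clusters output.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "PubliclyAccessible": True, "Tags": []},
    {"ClusterIdentifier": "analytics-dev", "PubliclyAccessible": False, "Tags": []},
    {"ClusterIdentifier": "partner-share", "PubliclyAccessible": True,
     "Tags": [{"Key": "redshift-publicly-accessible-exempt", "Value": "ticket-123"}]},
]


def tag_value(resource, key):
    """Return the value of tag `key` from the resource's Tags list, or None."""
    for tag in resource.get("Tags", []):
        if tag.get("Key") == key:
            return tag.get("Value")
    return None


def matches(resource, flt):
    """Evaluate one shorthand filter ({key: expected}) against a resource.
    'tag:<name>' reads the Tags list; 'absent'/'present' test existence;
    any other expected value is compared for equality."""
    (key, expected), = flt.items()
    actual = tag_value(resource, key[4:]) if key.startswith("tag:") else resource.get(key)
    if expected == "absent":
        return actual is None
    if expected == "present":
        return actual is not None
    return actual == expected


def select(resources, filters):
    """Top-level filters are ANDed: every filter must match for a resource to be selected."""
    return [r for r in resources if all(matches(r, f) for f in filters)]


def flagged_ids(resources=SAMPLE_CLUSTERS, filters=POLICY_FILTERS):
    """Identifiers of the clusters the policy would act on."""
    return [r["ClusterIdentifier"] for r in select(resources, filters)]


if __name__ == "__main__":
    print(flagged_ids())  # ['analytics-prod']
```

The exempted cluster is public but is skipped because of its tag, which is the escape hatch the first filter provides; a real run evaluates the same logic against the live account.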