- image: circleci/python:2.7.14
Project: Infra Env: core
- source: "ec2.amazonaws.com"
  event: "AllocateAddress"
  ids: "responseElements.publicIp"
policies:
  - name: get-ec2-manual-sg-edits
    resource: security-group
    description: |
      Trap events wherein a Security Group is not edited via specified users
    mode:
      type: cloudtrail
      events:
        - source: ec2.amazonaws.com
          event: AuthorizeSecurityGroupIngress
          ids: 'requestParameters.groupId'
        - source: ec2.amazonaws.com
          event: AuthorizeSecurityGroupEgress
          ids: 'requestParameters.groupId'
        - source: ec2.amazonaws.com
          event: RevokeSecurityGroupEgress
          ids: 'requestParameters.groupId'
        - source: ec2.amazonaws.com
          event: RevokeSecurityGroupIngress
          ids: 'requestParameters.groupId'
    filters:
      - not:
          - type: event
            key: 'detail.userIdentity.arn'
            value: example
            op: contains
    actions:
      - type: notify
        template: get-ec2-manual-sg-edits.html
        priority_header: '1'
        subject: 'AWS Guardrails: Trap manual Security Group rule edits'
        to:
          - event-owner
        transport:
          type: sqs
          queue: <queue>
          region: us-east-1
- name: ec2-daily-backup
  resource: ec2
  description: |
    Cloud Custodian EBS Daily Backup
  comments: |
    Cloud Custodian EBS Daily Backup based on tag mybackup
  mode:
    type: periodic
    schedule: "rate(60 minutes)"
    role: arn:aws:iam::178375044839:role/custodian-generic-role
  filters:
    - "tag:mybackup": present
  actions:
    - type: snapshot
      copy-tags:
        - Owner
        - Appname
policies:
  - name: role-usage
    resource: iam-role
    region: us-east-1
    filters:
      - type: value
        key: RoleName
        value: "custodian-role"
      - type: usage
        TotalAuthenticatedEntities: 1
        LastAuthenticated:
          type: value
          value_type: age
          op: lt
          value: 1
        match-operator: all
policies:
  - name: cloudwatch-delete-stale-log-group
    resource: log-group
    filters:
      - type: last-write
        days: 182.5
    actions:
      - delete
ClientError: An error occurred (ThrottlingException) when calling the DescribeLogStreams operation (reached max retries: 4): Rate exceeded
hello, i'm having trouble understanding why my policy is generating an access denied warning
2020-06-10 21:25:55,168: c7n_org:DEBUG Running policy:ami-older-than-90days account:DIStaging region:us-east-2
2020-06-10 21:25:55,751: c7n_org:DEBUG Running policy:ami-older-than-90days account:DIProduction region:us-east-1
2020-06-10 21:25:55,936: c7n_org:DEBUG Running policy:ami-older-than-90days account:DIProduction region:us-east-2
2020-06-10 21:25:56,121: c7n_org:WARNING Access denied api:SendMessage policy:ami-older-than-90days account:DISandbox region:us-east-2
2020-06-10 21:25:56,300: c7n_org:WARNING Access denied api:SendMessage policy:ami-older-than-90days account:DIPreview region:us-east-2
2020-06-10 21:25:56,417: c7n_org:WARNING Access denied api:SendMessage policy:ami-older-than-90days account:DISandbox region:us-east-1
the role has the permissions given on the website, the SQS queue is accessible by the role from every other account, did i miss a setup step somewhere?
policies:
  - name: ami-older-than-90days
    resource: ami
    filters:
      - type: image-age
        days: 90
    actions:
      - type: notify
        template: default
        priority_header: '2'
        subject: AMi older than 90
        to:
          - firstname.lastname@example.org
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/acc###/CloudCustodian
I'm following the tutorial to deploy a docker image into Azure ACI.
I am following the documentation: https://cloudcustodian.io/docs/azure/configuration/acitutorial.html
But when I get to the deploy part it complains as it is referencing a template from the path
Where is this template, so I can refactor my command to do my test deployment?
Just to update this. I found that the command in the documentation, az group deployment create, is deprecated, replaced with az deployment group create.
Also, the json that is referenced as a template-file can be pulled using the
Is there any way I can give feedback on this to get the documentation updated to reflect this correction?