AWS SEA Cloud Custodian
Project Status
- Development
- Production/Maintenance
Install
pip install -r requirements.txt
Setup IAM Role
Create the BCGOV_CloudCustodian IAM role in all accounts with the permissions required to run the policy checks and actions.
c7n-org: Multi Account Custodian Execution
Download Script
The script for generating an AWS accounts config file is distributed only via git.
curl https://raw.githubusercontent.com/cloud-custodian/cloud-custodian/master/tools/c7n_org/scripts/orgaccounts.py -o orgaccounts.py
Generate Accounts Config
All OUs
python orgaccounts.py \
-f accounts.yml \
--role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian'
Workload OUs
python orgaccounts.py \
-f accounts-workload.yml \
--role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian' \
--ou Dev --ou Test --ou Prod
Core OUs
python orgaccounts.py \
-f accounts-core.yml \
--role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian' \
--ou core
Running a Policy with c7n-org
# Find workload accounts that don't comply with the password policy
c7n-org run -c accounts-workload.yml --dryrun -s output -u policy/common/password.yml --region ca-central-1
Note: --dryrun prevents actions from being executed.
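To review the results of the dry run above, the following added example (not part of this project's code) walks the -s output directory and lists the accounts whose resources.json is non-empty, i.e. the accounts that matched the policy filter. It assumes c7n-org's output layout of <output dir>/<account name>/<region>/<policy name>/resources.json; the account names and the policy name password-policy are hypothetical, constructed sample data.

```python
import json
import tempfile
from pathlib import Path


def findings(output_dir):
    """Return (account, region, policy, match_count) for every non-empty resources.json."""
    rows = []
    # Assumed layout: <output_dir>/<account name>/<region>/<policy name>/resources.json
    for path in Path(output_dir).glob("*/*/*/resources.json"):
        account, region, policy = path.relative_to(output_dir).parts[:3]
        try:
            matched = json.loads(path.read_text())
        except json.JSONDecodeError:
            # A truncated file means the run failed part-way; report it (-1) instead of
            # silently treating the account as compliant.
            rows.append((account, region, policy, -1))
            continue
        if matched:
            rows.append((account, region, policy, len(matched)))
    return sorted(rows)


def build_sample(root):
    """Write a constructed sample output tree; all names and ids are hypothetical."""
    sample = {
        "dev-app": [{"account_id": "111111111111"}],  # matched the filter: non-compliant
        "test-app": [],                                # no match: compliant
    }
    for account, resources in sample.items():
        policy_dir = Path(root) / account / "ca-central-1" / "password-policy"
        policy_dir.mkdir(parents=True)
        (policy_dir / "resources.json").write_text(json.dumps(resources))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for account, region, policy, count in findings(build_sample(tmp)):
            print(f"{account}\t{region}\t{policy}\t{count}")
```

Against a real run, call findings("output") with the directory passed to -s.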
Getting Help or Reporting an Issue
To report bugs/issues/feature requests, please file an issue.
How to Contribute
If you would like to contribute, please see our CONTRIBUTING guidelines.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
License
Copyright 2018 Province of British Columbia
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.