wrnu / aws-sea-cloud-custodian

AWS SEA Cloud Custodian

Project Status

  • Development
  • Production/Maintenance

Install

pip install -r requirements.txt

Setup IAM Role

Create the BCGOV_CloudCustodian IAM role in all accounts, with the permissions required to run the policy checks and actions.

c7n-org: Multi Account Custodian Execution

Download Script

The script for generating an AWS accounts config file is only distributed via git.

curl https://raw.githubusercontent.com/cloud-custodian/cloud-custodian/master/tools/c7n_org/scripts/orgaccounts.py -o orgaccounts.py

Generate Accounts Config

All OUs

python orgaccounts.py \
    -f accounts.yml \
    --role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian'

Workload OUs

python orgaccounts.py \
    -f accounts-workload.yml \
    --role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian' \
    --ou Dev --ou Test --ou Prod

Core OUs

python orgaccounts.py \
    -f accounts-core.yml \
    --role 'arn:aws:iam::{Id}:role/BCGOV_CloudCustodian' \
    --ou core
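
An added pre-flight check, not part of this repository: it confirms that every entry in a generated accounts file assumes the BCGOV_CloudCustodian role in its own account before c7n-org is pointed at it. The function name and sample entries are constructed for illustration; the `accounts`, `account_id`, `name` and `role` keys follow the c7n-org accounts file layout, and treating a list of roles as a chain ending in the target role is an assumption.

```python
import re
import sys

EXPECTED_ROLE = "BCGOV_CloudCustodian"  # role name used throughout this README
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/(.+)$")

def check_accounts(config):
    """Return a list of problems found in a parsed c7n-org accounts config."""
    problems = []
    seen = set()
    for entry in config.get("accounts") or []:
        name = entry.get("name", "<unnamed>")
        account_id = str(entry.get("account_id", ""))
        if not re.fullmatch(r"\d{12}", account_id):
            problems.append(f"{name}: account_id {account_id!r} is not 12 digits")
        if account_id in seen:
            problems.append(f"{name}: duplicate account_id {account_id}")
        seen.add(account_id)
        # role may be a single ARN or a list of ARNs
        roles = entry.get("role")
        roles = [roles] if isinstance(roles, str) else (roles or [])
        if not roles:
            problems.append(f"{name}: no role to assume")
            continue
        # assumption: the last role listed is the one policies run as
        m = ROLE_ARN.match(roles[-1])
        if not m:
            problems.append(f"{name}: malformed role ARN {roles[-1]!r}")
        elif m.group(1) != account_id:
            problems.append(f"{name}: role is in account {m.group(1)}, not {account_id}")
        elif m.group(2) != EXPECTED_ROLE:
            problems.append(f"{name}: unexpected role {m.group(2)!r}")
    return problems

# Constructed sample entries (not real accounts)
SAMPLE = {"accounts": [
    {"name": "app-dev", "account_id": "111111111111",
     "role": "arn:aws:iam::111111111111:role/BCGOV_CloudCustodian"},
    {"name": "app-test", "account_id": "222222222222",
     "role": "arn:aws:iam::111111111111:role/BCGOV_CloudCustodian"},
    {"name": "app-prod", "account_id": "333333333333",
     "role": "arn:aws:iam::333333333333:role/Admin"},
]}

if __name__ == "__main__":
    import yaml  # PyYAML, a Cloud Custodian dependency
    found = check_accounts(yaml.safe_load(open(sys.argv[1])))
    print("\n".join(found) or "accounts file OK")
    sys.exit(1 if found else 0)
```

Run it against a generated file, for example `accounts-workload.yml`, and treat a non-zero exit as a reason not to proceed.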

Running a Policy with c7n-org

# Find workload accounts that don't comply with the password policy
c7n-org run -c accounts-workload.yml --dryrun -s output -u policy/common/password.yml --region ca-central-1

Note: --dryrun prevents policy actions from being executed.

Getting Help or Reporting an Issue

To report bugs/issues/feature requests, please file an issue.

How to Contribute

If you would like to contribute, please see our CONTRIBUTING guidelines.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

License

Copyright 2018 Province of British Columbia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
