Cloud Custodian Policies for EC2 and S3
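I am writing Cloud Custodian policies to terminate all internet-facing EC2 instances and public S3 buckets.
I could not find a direct rule filter in the official documentation.
Any help would be appreciated.
Cheers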
policies:
  - name: find-ec2-on-public-subnets
    resource: ec2
    filters:
      - type: value
        key: "SubnetId"
        op: in
        value:
          - subnet-d1e4xxxxx
          - subnet-d1e4xxxxx
    actions:
      - stop
  - name: s3-global-access
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
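An added example, not part of the original question and not Cloud Custodian's own code: it runs the two checks the policies above express over constructed records shaped like EC2 `describe-instances` and S3 `GetBucketAcl` output. The function names, instance IDs, subnet IDs and the `PublicIpAddress` comparison are assumptions made for illustration.

```python
# Added illustration; all sample records below are constructed, not real AWS output.
GLOBAL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def in_listed_subnets(instances, subnet_ids):
    """Selection by a fixed SubnetId list, like the value filter with op: in."""
    return [i["InstanceId"] for i in instances if i.get("SubnetId") in subnet_ids]

def with_public_ip(instances):
    """Assumed alternative: select on the instance's own PublicIpAddress field."""
    return [i["InstanceId"] for i in instances if i.get("PublicIpAddress")]

def global_grants(acl):
    """ACL grants whose grantee is one of the two global groups in the policy."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in GLOBAL_GRANTEES]

def without_global_grants(acl):
    """Copy of the ACL with global grants dropped; owner and other grants kept."""
    flagged = global_grants(acl)
    return {**acl, "Grants": [g for g in acl.get("Grants", []) if g not in flagged]}

# Constructed instances: "b" sits in the listed subnet but has no public IP,
# "c" has a public IP but sits in a subnet that is not on the list.
INSTANCES = [
    {"InstanceId": "i-example-a", "SubnetId": "subnet-example-1",
     "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-example-b", "SubnetId": "subnet-example-1"},
    {"InstanceId": "i-example-c", "SubnetId": "subnet-example-2",
     "PublicIpAddress": "203.0.113.20"},
]
# Constructed bucket ACL: one owner grant and one grant to AllUsers.
BUCKET_ACL = {
    "Owner": {"ID": "owner-example"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-example"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print("subnet list :", in_listed_subnets(INSTANCES, {"subnet-example-1"}))
    print("public IP   :", with_public_ip(INSTANCES))
    print("global grant:", [g["Permission"] for g in global_grants(BUCKET_ACL)])
```

The two EC2 selections differ on the constructed data, which is the gap a hard-coded subnet list leaves when subnets or instances change.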