c7n.tags module¶
Bases:
c7n.tags.Tag
Copy a related resource tag to its associated resource
In some scenarios, resource tags from a related resource should be applied to its child resource. For example, EBS Volume tags propogating to their snapshots. To use this action, specify the resource type that contains the tags that are to be copied, which can be found by using the custodian schema command.
Then, specify the key on the resource that references the related resource. In the case of ebs-snapshot, the VolumeId attribute would be the key that identifies the related resource, ebs.
Finally, specify a list of tag keys to copy from the related resource onto the original resource. The special character “*” can be used to signify that all tags from the related resource should be copied to the original resource.
To raise an error when related resources cannot be found, use the skip_missing option. By default, this is set to True.
Example: policies: - name: copy-tags-from-ebs-volume-to-snapshot resource: ebs-snapshot actions: - type: copy-related-tag resource: ebs skip_missing: True key: VolumeId tags: '*'
Returns a mapping of {resource_id: {tagkey: tagvalue}}
Bases:
c7n.actions.core.Action
Transform the value of a tag.
Set the tag value to uppercase, title, lowercase, or strip text from a tag key.
policies: - name: ec2-service-transform-lower resource: ec2 comment: | ec2-service-tag-value-to-lower query: - instance-state-name: running filters: - "tag:testing8882": present actions: - type: normalize-tag key: lower_key action: lower - name: ec2-service-strip resource: ec2 comment: | ec2-service-tag-strip-blah query: - instance-state-name: running filters: - "tag:testing8882": present actions: - type: normalize-tag key: strip_key action: strip value: blah
Transform tag value
- Collect value from tag
- Transform Tag value
- Assign new value for key
Bases:
c7n.actions.core.Action
Remove tags from ec2 resources.
Bases:
c7n.actions.core.Action
Create a new tag with identical value & remove old tag
Move source tag value to destination tag value
- Collect value from old tag
- Delete old tag
- Create new tag & assign stored value
Bases:
c7n.actions.core.Action
Tag an ec2 resource.
Bases:
c7n.filters.core.Filter
Filter resources for tag specified future action
Filters resources by a ‘custodian_status’ tag which specifies a future date for an action.
The filter parses the tag values looking for an ‘op@date’ string. The date is parsed and compared to do today’s date, the filter succeeds if today’s date is gte to the target date.
The optional ‘skew’ parameter provides for incrementing today’s date a number of days into the future. An example use case might be sending a final notice email a few days before terminating an instance, or snapshotting a volume prior to deletion.
The optional ‘skew_hours’ parameter provides for incrementing the current time a number of hours into the future.
Optionally, the ‘tz’ parameter can get used to specify the timezone in which to interpret the clock (default value is ‘utc’)
policies: - name: ec2-stop-marked resource: ec2 filters: - type: marked-for-op # The default tag used is custodian_status # but that is configurable tag: custodian_status op: stop # Another optional tag is skew tz: utc actions: - type: stop
validate filter config, return validation error or self
Bases:
c7n.filters.core.Filter
Simplify tag counting..
ie. these two blocks are equivalent
- filters: - type: value op: gte count: 8 - filters: - type: tag-count count: 8
Bases:
c7n.actions.core.Action
Tag resources for future action.
The optional ‘tz’ parameter can be used to adjust the clock to align with a given timezone. The default value is ‘utc’.
If neither ‘days’ nor ‘hours’ is specified, Cloud Custodian will default to marking the resource for action 4 days in the future.
policies: - name: ec2-mark-for-stop-in-future resource: ec2 filters: - type: value key: Name value: instance-to-stop-in-four-days actions: - type: mark-for-op op: stop
Bases:
c7n.actions.core.Action
Automatically remove tags from an ec2 resource.
EC2 Resources have a limit of 50 tags, in order to make additional tags space on a set of resources, this action can be used to remove enough tags to make the desired amount of space while preserving a given set of tags.
policies: - name: ec2-tag-trim comment: | Any instances with 48 or more tags get tags removed until they match the target tag count, in this case 47 so we that we free up a tag slot for another usage. resource: ec2 filters: # Filter down to resources which already have 8 tags # as we need space for 3 more, this also ensures that # metrics reporting is correct for the policy. - type: value key: "length(Tags)" op: ge value: 48 actions: - type: tag-trim space: 3 preserve: - OwnerContact - ASV - CMDBEnvironment - downtime - custodian_status
Bases:
c7n.tags.Tag
Applies one or more tags to the specified resources.
Bases:
c7n.tags.TagDelayedAction
Tag resources for future action.
Example: policies: - name: ec2-mark-stop resource: ec2 filters: - type: image-age op: ge days: 90 actions: - type: mark-for-op tag: custodian_cleanup op: terminate days: 4
Bases:
c7n.tags.RemoveTag
Removes the specified tags from the specified resources.
Returns a list of tags from resource and user supplied in the format: [{‘Key’: ‘key’, ‘Value’: ‘value’}]
Due to drift on implementation on copy-tags/tags used throughout the code base, the following options are supported:
- copy_tags (Tags to copy from the resource):
- list of str, e.g. [‘key1’, ‘key2’, ‘*’]
- bool
- user_tags (User supplied tags to apply):
- dict of key-value pairs, e.g. {Key: Value, Key2: Value}
- list of dict e.g. [{‘Key’: k, ‘Value’: v}]
In the case that there is a conflict in a user supplied tag and an existing tag on the resource, the user supplied tags will take priority.
Additionally, a value of ‘*’ in copy_tags can be used to signify to copy all tags from the resource.
Retry support for resourcegroup tagging apis.
The resource group tagging api typically returns a 200 status code with embedded resource specific errors. To enable resource specific retry on throttles, we extract those, perform backoff w/ jitter and continue. Other errors are immediately raised.
We do not aggregate unified resource responses across retries, only the last successful response is returned for a subset of the resources if a retry is performed.