excluding a resource from a list


sayla

Aug 26, 2022, 11:34:53 AM
to cloud-custodian
Hi all;

How do I list all unused AWS Security groups except one? The following looks to have issues:

policies:
  - name: security-groups-unused
    resource: security-group
    comments: |
      List all unused security groups
   
    filters:
      - unused
      - type: value
        key: SecurityGroups[].GroupId
        value_type: swap
        op: not-equal
        value: sg-EXCLUDE_ME

any ideas?

thanks.

AJ Kerrigan

Aug 26, 2022, 11:50:53 AM
to sayla, cloud-custodian
Hi there,

You can tweak the `value` filter in your example. If you're targeting the `aws.security-group` resource, each resource will have `GroupId` as a top-level key. You can use a `value` filter's `not-in` check to ensure that the group ID isn't in a list you provide. For example:

      - type: value
        key: GroupId
        op: not-in
        value:
            - sg-EXCLUDE_ME

There are some other examples in the value filter docs (https://cloudcustodian.io/docs/filters.html#value-filter) if you need to get fancier, but hopefully that helps.

AJ
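
Added example, not part of the thread and not Cloud Custodian's own code: a simplified Python model of evaluating a filter against one security-group record at a time, showing why the key from the question excludes nothing while the top-level `GroupId` key with `not-in` does. The `resolve` and `select` helpers and the sample records are constructed for illustration; `value_type: swap` is left out on the assumption that it only swaps the two operands, which does not change a `not-equal` result.

```python
# Added illustration: a simplified model of per-resource filter evaluation.
# It is not Cloud Custodian code; resolve() is a hypothetical stand-in for
# the JMESPath lookup a `value` filter performs on its `key`.
import operator

# Constructed sample records, shaped like items of EC2 DescribeSecurityGroups.
UNUSED_GROUPS = [
    {"GroupId": "sg-EXCLUDE_ME", "GroupName": "keep-for-dr"},
    {"GroupId": "sg-0aaa1111", "GroupName": "old-web"},
    {"GroupId": "sg-0bbb2222", "GroupName": "old-db"},
]

OPS = {
    "not-equal": operator.ne,
    "not-in": lambda found, excluded: found not in excluded,
}


def resolve(record, key):
    """Resolve 'A' or 'A[].B' against one record; missing keys give None."""
    head, sep, tail = key.partition("[].")
    value = record.get(head)
    if not sep:
        return value
    if not isinstance(value, list):
        return None
    return [item.get(tail) for item in value if isinstance(item, dict)]


def select(records, key, op, value):
    """Return the GroupIds of the records that pass the filter."""
    return [r["GroupId"] for r in records if OPS[op](resolve(r, key), value)]


# Key from the question: a single record has no SecurityGroups list, so the
# lookup gives None, and None != "sg-EXCLUDE_ME" is true for every record.
question_result = select(UNUSED_GROUPS, "SecurityGroups[].GroupId",
                         "not-equal", "sg-EXCLUDE_ME")

# Key from the answer: GroupId is top-level, so the exclusion list applies.
answer_result = select(UNUSED_GROUPS, "GroupId", "not-in", ["sg-EXCLUDE_ME"])

if __name__ == "__main__":
    print("question filter matches:", question_result)
    print("answer filter matches:  ", answer_result)
```
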

