Notifications with Cloud Custodian


André Smink

May 24, 2016, 3:32:20 AM
to cloud-custodian
Hi

Is it possible to use cloud custodian to send a notification containing a list of non-compliant services using an SNS topic and tag those services for cleanup?

Currently I have a policy that creates a lambda function that stops all EC2 instances with no Owner tag but I want to change it so that it tags the instances with a message that says it will be terminated in 7 days and send a notification using SNS with a list of all those instances.

Kapil Thangavelu

Jun 5, 2016, 6:39:17 AM
to cloud-custodian

There is a notify action that relays a data message to an sqs queue that can be combined with mark-for-op (delayed action) and filters to achieve that effect. But the sqs worker/mailer delivery side of that is currently not part of the open-source code at the moment due to integration with org-specific ldap/address lookup, and resource-owner tag to address mapping. At the moment that means actual delivery is diy. The message format is base64 encoded gzip'd json, with the policy, and resources in the payload. I've filed a github issue to track this at https://github.com/capitalone/cloud-custodian/issues/163 but it's not on the short term 3 week roadmap due to competing priorities.

cheers,

Kapil

devops...@gmail.com

Dec 1, 2016, 9:35:42 AM
to cloud-custodian


Hi Andre

Can you help me in writing a policy that creates a lambda function? Or if you could share the policy you stated above, that would be great.

devops...@gmail.com

Dec 1, 2016, 9:37:39 AM
to cloud-custodian
Hi Kapil,

I just started exploring this tool and I am trying to create lambda functions with custodian policies. Can you help me with this?

Mandeep Bal

Dec 1, 2016, 11:53:47 AM
to cloud-custodian
Hi,

This is an example of a lambda policy from our github Readme.md.

- name: ec2-require-non-public-and-encrypted-volumes
  resource: ec2
  description: |
    Provision a lambda and cloud watch event target
    that looks at all new instances and terminates those with
    unencrypted volumes.
  mode:
    type: cloudtrail
    events:
        - RunInstances
  filters:
    - type: ebs
      key: Encrypted
      value: false
  actions:
    - terminate

John Du

Feb 22, 2017, 4:30:20 PM
to cloud-custodian
I am new to custodian. Using ebs.actions.notify sends an SNS email on finding unattached volumes. But the email content is unreadable and base64 decoding does not change anything. How can I get the email contents readable? Any help is appreciated. John

Here is the policy (only the topic ARN and email address are not real):
---
policies:
- name: ebs-find-unattached
  resource: ebs
  comments: |
    find volumes that are not used.
  filters:
    - Attachments: []
    - "tag:maid_status": present
  actions:
    - type: notify
      to:
      subject: "Un-used Volumes found"
      template: default
      transport:
        type: sns
        topic: arn:aws:sns:us-east-1:xxxxxxxxxxx:AWSDevOps
...

Linus Yong

Feb 23, 2017, 2:02:29 AM
to cloud-custodian
Hi John,

It is first compressed using zlib, then base64 encoded. To get the plain text:
  • Copy the text into a file (e.g. result)
  • Then decode the text using:
      $ cat result | base64 -D > result.zlib
      $ printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" | cat - result.zlib | gzip -dc
  • The printf is just to pad a proper header for gzip. Otherwise gzip will not be able to uncompress it.

Linus Yong

Feb 23, 2017, 2:06:26 AM
to cloud-custodian
You might also want to look at the code here: http://www.capitalone.io/cloud-custodian/docs/_modules/c7n/actions.html#Notify.send_sns

Message=base64.b64encode(zlib.compress(utils.dumps(message)))
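
A decoder for the notify payload described in this thread (base64 over zlib-compressed JSON), as an added example that is not part of the original posts or of the Cloud Custodian code. The `policy`/`resources` key layout, the `VolumeId` field and the 1 MiB size cap are assumptions; accepting a gzip wrapper as well as zlib goes slightly beyond what the thread shows.

```python
import base64
import binascii
import json
import zlib

MAX_DECODED_BYTES = 1024 * 1024  # assumed cap; the body is untrusted input


def decode_notify_message(body, limit=MAX_DECODED_BYTES):
    """Return the JSON object carried in a notify message body."""
    try:
        # Mail clients may wrap the body, so drop whitespace before decoding.
        raw = base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("body is not valid base64") from exc
    # MAX_WBITS | 32 makes zlib accept either a zlib or a gzip header.
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 32)
    try:
        data = inflater.decompress(raw, limit + 1)
    except zlib.error as exc:
        raise ValueError("body is not zlib/gzip data") from exc
    if len(data) > limit or inflater.unconsumed_tail:
        raise ValueError("decompressed message exceeds limit")
    if not inflater.eof:
        raise ValueError("compressed stream is truncated")
    return json.loads(data.decode("utf-8"))


def summarize(message):
    """Plain-text lines: the policy name, then one line per resource."""
    policy = message.get("policy", {}).get("name", "<unknown policy>")
    lines = ["Policy: %s" % policy]
    for res in message.get("resources", []):
        # Assumed field: EBS volumes are identified by VolumeId.
        lines.append("  " + str(res.get("VolumeId", res)))
    return lines


# Constructed sample, encoded with the expression quoted in the thread
# (json.dumps stands in for the project's utils.dumps helper).
SAMPLE = {
    "policy": {"name": "ebs-find-unattached", "resource": "ebs"},
    "resources": [{"VolumeId": "vol-0example1"}, {"VolumeId": "vol-0example2"}],
}
SAMPLE_BODY = base64.b64encode(
    zlib.compress(json.dumps(SAMPLE).encode("utf-8"))).decode("ascii")

if __name__ == "__main__":
    print("\n".join(summarize(decode_notify_message(SAMPLE_BODY))))
```

Every failure mode (bad base64, a truncated or oversized stream, invalid JSON) surfaces as `ValueError`, so a queue or mailbox consumer can reject the message in one place.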

John Du

Feb 23, 2017, 9:43:53 AM
to cloud-custodian
Hi Linus,

Thank you very much for replying with the details.

Is it possible to put the email contents in plain text? Such as something I can do in the policy file?

Kind Regards,

John

Linus Yong

Feb 26, 2017, 9:26:36 PM
to cloud-custodian
Hi John,

You can't just send the message as plain text using the policies YAML file.  You can change the code of http://www.capitalone.io/cloud-custodian/docs/_modules/c7n/actions.html#Notify.send_sns if you want.