0

I am trying to target all the buckets in my account that have a name like Prod-** with my custodian policy.

The custodian policy basically checks if replication is enabled and, if not, goes ahead and enables the replication.

I am able to write the policy that targets all the buckets, but what if I want to target only specific buckets? In the official documentation of [Cloud Custodian][1] I do not see any option for specifying the name of the bucket.

Here is what my policy looks like -

  - name: s3-replication
    resource: s3
    filters:
      - type: value
        key: Replication.ReplicationConfiguration.Rules[].Destination.Account
        value: absent
    actions:
      - type: set-replication
        state: enable
Allan Chua
Yash Kamdar

1 Answer

0

Your policy has all of the pieces there; all you would need is another string-matching filter criterion.

  - name: s3-replication
    resource: s3
    filters:
      - type: value 
        key: Replication.ReplicationConfiguration.Rules[].Destination.Account
        value: absent
      - type: value
        key: tag:Name
        op: glob
        value: Prod-*
    actions:
      - type: set-replication
        state: enable

These filters are chained together and both need to evaluate to return resources.

Here we are obviously using the tag:Name value which is quite common for resources in general, but you could equally target any other bucket attribute based on the AWS API docs.

Boreaz
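
To preview which buckets a chained filter list like the one in the answer would select before letting `set-replication` act, here is an added example (not part of the original answer and not Cloud Custodian's own code): a simplified Python model of the two filters run over constructed bucket records. The record shape, the helper names, the case-sensitive glob, and the use of a top-level `Name` key for the bucket name are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample records shaped like s3 resources with Name, Tags and
# Replication keys (assumed shape); bucket names and account id are made up.
BUCKETS = [
    {"Name": "prod-billing", "Replication": None,
     "Tags": [{"Key": "Name", "Value": "Prod-billing"}]},
    {"Name": "prod-logs", "Replication": None, "Tags": []},  # untagged
    {"Name": "dev-scratch", "Replication": None,
     "Tags": [{"Key": "Name", "Value": "Dev-scratch"}]},
    {"Name": "prod-archive",
     "Tags": [{"Key": "Name", "Value": "Prod-archive"}],
     "Replication": {"ReplicationConfiguration": {"Rules": [
         {"Destination": {"Account": "111111111111"}}]}}},
]

def lookup(bucket, key):
    """Resolve 'tag:<k>' against the Tags list, anything else as a top-level key."""
    if key.startswith("tag:"):
        wanted = key[len("tag:"):]
        for tag in bucket.get("Tags") or []:
            if tag["Key"] == wanted:
                return tag["Value"]
        return None
    return bucket.get(key)

def replication_absent(bucket):
    """Simplified stand-in for the first filter (value: absent)."""
    return bucket.get("Replication") is None

def glob_filter(bucket, key, pattern):
    """Simplified stand-in for op: glob; a missing value never matches."""
    value = lookup(bucket, key)
    return isinstance(value, str) and fnmatchcase(value, pattern)

def select(buckets, key, pattern):
    """Every filter in the list must match (AND) for a bucket to be returned."""
    return [b["Name"] for b in buckets
            if replication_absent(b) and glob_filter(b, key, pattern)]

if __name__ == "__main__":
    print("by tag:Name Prod-*:", select(BUCKETS, "tag:Name", "Prod-*"))
    print("by Name prod-*:   ", select(BUCKETS, "Name", "prod-*"))
    print("by Name Prod-*:   ", select(BUCKETS, "Name", "Prod-*"))
```

In this model the untagged `prod-logs` bucket is skipped when matching on `tag:Name`, and a capitalized pattern matches nothing when compared against lowercase bucket names, so the selected set is worth checking before the action runs.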