Add policy metadata to resources.json
See original GitHub issueWith a large set of complex policies it’s difficult to determine which policy and resource type each item in the resources.json file corresponds to. In our case, we process all of the resource.json files for multiple policies at once and feed the data into an ElasticSearch cluster for custom reporting.
I’d like to propose adding metadata about the policy itself to each resource in the resources.json output file.
"c7n:Policy": {
"PolicyName": "security_group_ingress_all_ports",
"Resource": "security-group",
"Provider": "aws"
}
The “Resource” field is the most critical. Without it, we currently have to resort to “duck typing” every AWS resource based on the existence of key fields. It’s a bit of a headache and something I felt should be part of the resources.json output.
I can submit a PR for this if you agree to the proposal.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:6 (1 by maintainers)
Top Results From Across the Web
Policy Metadata - Get Resource - REST API (Azure Policy)
Learn more about Policy service - Get policy metadata resource.
Read more >Metadata attribute - AWS CloudFormation
The metadata attribute enables you to associate structured data with a resource. By adding a metadata attribute to a resource, you can add...
Read more >Read metadata of resource through Azure policy
I want to read metadata of the resource which is deployed in Azure like eg: template.json and create Azure policy definition to traverse ......
Read more >Understanding allow policies | IAM Documentation
An allow policy is a collection of role bindings and metadata. A role binding specifies what access should be granted to a resource....
Read more >Metadata JSON Files: /Documentation - LabKey Support
A metadata file written in JSON is used to configure the fields and categories for document abstraction. The file configures the field categories...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
have a look at #2844 which implements this (among other things)
Execution time would be useful. One thing I was considering putting in my original proposal is to add the AWS service and resource type to it as well. For example, “ec2” and “image” as the service and resource-type - the native AWS names. In Cloud Custodian lingo the provider is AWS and the resource is “ami” - different name.