c7n-org not deleting snapshots
Describe the bug
I have this rule:
policies:
  - name: ebs-snapshots-90-days-old
    resource: ebs-snapshot
    comment: Delete old EBS snapshots
    filters:
      - type: age
        days: 90
        op: ge
    conditions:
      - type: value
        key: account_id
        op: in
        value:
          - "1111111111111" # monolith-production
    actions:
      - delete
In my entrypoint:
python3 /orgaccounts.py --role "arn:aws:iam::{Id}:role/cloud-custodian" -f accounts.yml -a
c7n-org run --debug -c accounts.yml -s output -u /tmp/custodian.yml
It's generating the accounts.yml perfectly:
accounts:
  - account_id: '22222222222'
    display_name: security
    email: redact
    name: security
    org_id: o-9xlgluoje3
    role: arn:aws:iam::22222222222:role/cloud-custodian
  - account_id: '1111111111'
    display_name: monolith-production
    email: redact
    name: monolith-production
    org_id: o-9xlgluoje3
    role: arn:aws:iam::1111111111:role/cloud-custodian
It runs from account 22222222222
Output from the container:
2021-10-26 00:36:52,456: c7n_org:INFO Ran account:monolith-production region:us-east-1 policy:ebs-snapshots-90-days-old matched:1 time:7.65
2021-10-26 00:36:52,843: c7n_org:INFO Ran account:monolith-production region:us-east-1 policy:nifi-ebs-snapshots-14-days-old matched:1 time:8.04
However, it's not deleting the snapshot despite finding it. It's not an IAM issue; this is working in non-org (regular c7n), but won't work when I migrate the YAML to work from c7n-org.
What did you expect to happen?
Would delete the found snapshots
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
c7n-org==0.6.10 which bundles c7n latest
Policy
above
Relevant log/traceback output
above
Extra information or context
Works as normal c7n without role assumption; does not work in c7n despite many other policies working (all mode:cloudtrail and mode:rate work great in this set up).
I added -v --debug
but it didn't add any helpful logs, only a whole lot of DEBUGs for it not deploying this to other accounts.
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (11 by maintainers)
Top GitHub Comments
@ajkerrigan that got it 🤦
2021-10-26 17:34:44,985 - custodian.ebs - INFO - Deleting 1 snapshots, auto-filtered 0 ami-snapshots
Thanks!
As for cloudtrail there is nada