Conditional action execution
See original GitHub issueIs your feature request related to a problem? Please describe.
I am looking for conditions on actions, plain and simple 😃 This helps me solve a problem around only taking certain actions in certain accounts. I.E. in a Dev environment, delete something vs in a Prod environment, isolate it and notify. Traditionally, these small differences have resulted in a multiplication of policy
by type of environment
with different actions sometimes winding up with having to write the same thing 4 - 5 times with a small difference on one of the actions. Something like this could help to keep it to just 1 albeit meta-policy in the future.
Describe the solution you’d like
I’d like to add a conditions attribute to actions where I could check the account_id
in a value_from
and then decide if I’m in a prod environment or not. Another variation of this could be a timed action, i.e. do this thing until 8/8, then after 8/8 do this other thing. By checking the condition and executing the action if it evaluates to true, this enables some possibilities around dynamic policy interpretation that were not there before.
Issue Analytics
- State:
- Created 3 years ago
- Comments:12 (5 by maintainers)
Top GitHub Comments
One more use case could be:
This is why we use a jinja framework to build our c7n policies. Way more granularity/control than trying to build it all into the c7n policies directly 😃 but i know that’s not for everyone…