Basic concepts and terms

Cloud Custodian works with the following basic concepts, terms, and relationships between them.

Policy - c7n.policy
Defined in YAML; specifies a set of filters and actions to take on a given AWS resource type.
Resource - c7n.manager.ResourceManager
Provides for retrieval of a resource of a given type (typically via the AWS API) and defines the vocabulary of filters and actions that can be used on those resources (e.g., ASG, S3, EC2, ELB).
Mode - c7n.policy (yes, policy)
Defines how the policy will execute (Lambda, Config rule, poll, etc.).
mode:
  type: cloudtrail
  events:
    - RunInstances
Filters - c7n.filters
Given a set of resources, filters select the subset that we’re interested in operating on. The filtering language has some default behaviors across resource types, such as value filtering with JMESPath expressions against the JSON representation of a resource, as well as specific filters for particular resource types (instance age, tag count, etc.).
filters:
  - "tag:aws:autoscaling:groupName": absent
  - type: ebs
    key: Encrypted
    value: false
    skip-devices:
      - "/dev/sda1"
      - "/dev/xvda"
  - type: event
    key: "detail.userIdentity.sessionContext.sessionIssuer.userName"
    value: "SuperUser"
    op: ne
Actions - c7n.actions
A verb to use on a given resource, e.g. stop, start, suspend, delete, encrypt.
actions:
  - type: tag
    key: c7n_status
    value: "Unencrypted EBS! Please recreate with Encryption"
  - type: terminate
    force: true
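
The fragments above assembled into one policy file, to show where each concept sits relative to the others. This is an added example, not taken from the Cloud Custodian documentation; the policy name and the role ARN are placeholders chosen for illustration.

```yaml
# Added example: the page's mode, filters and actions fragments in one policy.
# The policy name and role ARN are placeholders (assumptions).
policies:
  - name: ec2-unencrypted-ebs-on-launch    # Policy (hypothetical name)
    resource: aws.ec2                      # Resource: sets which filters/actions are valid
    mode:                                  # Mode: run as a Lambda triggered by CloudTrail
      type: cloudtrail
      role: arn:aws:iam::123456789012:role/EXAMPLE-custodian-role  # placeholder
      events:
        - RunInstances
    filters:                               # Filters: all must match (implicit AND)
      # Skip instances that carry the Auto Scaling group tag.
      - "tag:aws:autoscaling:groupName": absent
      # Match instances with an unencrypted volume, ignoring the listed devices.
      - type: ebs
        key: Encrypted
        value: false
        skip-devices:
          - "/dev/sda1"
          - "/dev/xvda"
      # Exempt launches whose session issuer is SuperUser.
      - type: event
        key: "detail.userIdentity.sessionContext.sessionIssuer.userName"
        value: "SuperUser"
        op: ne
    actions:                               # Actions: run in order on what the filters kept
      - type: tag
        key: c7n_status
        value: "Unencrypted EBS! Please recreate with Encryption"
      - type: terminate
        force: true
```

Running `custodian validate` on the file checks it against the schema for the chosen resource type before the policy is deployed.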