Skip to main content

Cloud Custodian - Retroactive Tag Resource Creators from CloudTrail

Project description

AWS Retroactive Tagging Resource Creators

This script will process cloudtrail records to create a sqlite db of resources and their creators, and then use that sqlitedb to tag the resources with their creator's name.

In processing cloudtrail it can use either Athena or S3 Select. A config file of the events and resources of interest is required.

Install

$ pip install c7n_trailcreator

$ c7n-trailcreator --help

Config File

The config file format here is similiar to what custodian requires for lambda policies on cloudtrail api events as an event selector.

First for each resource, the custodian resource-type is required to be specified, and then for each event, we need to know the name of the service, the event name, and a jmespath expression to get the resource ids.

Here's a a few examples, covering iam-user, iam-role, and and an s3 bucket.

{
  "resources": [
    {
      "resource": "iam-role",
      "events": [
        {
          "event": "CreateRole",
          "ids": "requestParameters.roleName",
          "service": "iam.amazonaws.com"
        }
      ]
    },
    {
      "resource": "s3",
      "events": [
        {
          "ids": "requestParameters.bucketName",
          "event": "CreateBucket",
          "service": "s3.amazonaws.com"
        }
      ]
    },
    {
      "resource": "iam-user",
      "events": [
        {
          "event": "CreateUser",
          "ids": "requestParameters.userName",
          "service": "iam.amazonaws.com"
        }
      ]
    }]
}

Tagging

It supports this across all the resources that custodian supports.

Multi Account / Multi Region

c7n-trailcreator supports executing across multiple accounts and regions when tagging using the same file format that c7n-org uses to denote accounts.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

c7n_trailcreator-0.1.4.tar.gz (10.2 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page