avatarGérard Mclean

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

4815

Abstract

g">"rate(60 minutes)"</span> execution-<span class="hljs-keyword">options</span>: output_dir: s3://bucket-name/cclogs/{{policy}}/ action: - start - <span class="hljs-built_in">type</span>: notify template: default.html # Using jinja template template_format: <span class="hljs-string">'html'</span> priority_header: <span class="hljs-string">'1'</span> subject: Started {{ policy[<span class="hljs-string">'resource'</span>] }} <span class="hljs-keyword">as</span> per defined c7n offhours- {{account}} {{region}} via {{policy[<span class="hljs-string">'name'</span>]}} action_desc: | Custodian <span class="hljs-built_in">has</span> started the EC2 instance based <span class="hljs-keyword">on</span> the defined
c7n offhours. <span class="hljs-keyword">to</span>: - <span class="hljs-keyword">first</span>.last@example.<span class="hljs-keyword">com</span> transport: <span class="hljs-built_in">type</span>: sqs queue: https://sqs. {{region}}.amazonaws.<span class="hljs-keyword">com</span>/{{account_id}}/c7nmailermessagequeue</pre></div><p id="8b1f"># 3— EC2 off-hours enforcement</p><div id="46f7"><pre><span class="hljs-symbol">vars:</span> sec-tags: <span class="hljs-variable">&sec</span>-tags <span class="hljs-symbol"> owner:</span> [email protected] <span class="hljs-symbol"> service:</span> cloudcustodian <span class="hljs-symbol"> department:</span> music <span class="hljs-symbol"> compliance:</span> ABCD </pre></div><div id="6999"><pre><span class="hljs-symbol">policies:</span></pre></div><div id="0115"><pre><span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">csp-na-ec2-off-hours-enforcement</span> <span class="hljs-attr">resource:</span> <span class="hljs-string">aws.ec2</span> <span class="hljs-attr">comments:</span> <span class="hljs-string">| Opt in EC2 instances without a c7n_off_hours tag. </span> <span class="hljs-attr">filters:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">"tag:c7n_off_hours":</span> <span class="hljs-string">absent</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">"tag:aws:autoscaling:groupName":</span> <span class="hljs-string">absent</span> <span class="hljs-attr">mode:</span> <span class="hljs-attr">type:</span> <span class="hljs-string">periodic</span> <span class="hljs-attr">schedule:</span> <span class="hljs-string">"rate(24 hours)"</span> <span class="hljs-attr">tags:</span> <span class="hljs-string">*sec-tags</span> <span class="hljs-attr">execution-options:</span> <span class="hljs-attr">output_dir:</span> <span class="hljs-string">s3://bucket-name/cclogs/{{policy}}/</span> <span class="hljs-attr">action:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">type:</span> <span class="hljs-string">tag</span> <span class="hljs-attr">key:</span> <span class="hljs-string">c7n_off_hours</span> <span class="hljs-attr">value:</span> <span class="hljs-string">"on"</span></pre></div><p id="941e"># 4 — Stop EC2 every Thursday evening at 6 PM (once the vulnerability scanner is done its scanning job)</p><div id="eb3c"><pre><span class="hljs-symbol">policies:</span></pre></div><div id="c8ad"><pre>- name: csp-na-vuln-scanner-off-hours-stop resource: aws.ec2 comments: | Stop EC2 instances, every Thursday evening at 6:00 PM (CST). Tag the<span class="hljs-built_in"> instance </span>with key <span class="hljs-string">"vuln_offhours"</span><span class="hljs-built_in"> and </span>value <span class="hljs-string">"off= (H,18);on=(H,8);tz=ct"</span>.Tag the EC2<span class="hljs-built_in"> if </span>you want this policy to be applied on your<span class="hljs-built_in"> instance </span>and take action. Instance will be turned on for 10 hrs for vulnerability scanner to start<span class="hljs-built_in"> and </span> complete the vulnerability scanning. Time zone is ct. filters: - <span class="hljs-string">"tag:c7n_do_not_shut_down"</span>: absent - <span class="hljs-string">"tag:aws:autoscaling:groupName"</span>: absent - type: offhour default_tz: ct offhour: 18 opt-out: false tag: vuln_offhours <span class="hljs-comment"># Use this tag to be included in scope</span> mode: type: periodic schedule: <span class="hljs-string">"rate(60 minutes)"</span> execution-options: output_dir: s3://bucket-name/cclogs/{{policy}}/ action: - stop - type: notify template: default.html <span class="hljs-comment"># Using jinja template</span> template_format: 'html' priority_header: '1' subject: Stopped {{ policy['re

Options

source'] }} as per defined vuln offhours- {{account}} {{region}} via {{policy['name']}} action_desc: | Custodian has stopped the EC2<span class="hljs-built_in"> instance </span>based on the defined nessus offhours. to: - [email protected] transport: type: sqs queue: https://sqs. {{region}}.amazonaws.com/{{account_id}}/c7nmailermessagequeue</pre></div><p id="5e94">#5 — Start EC2 every Thursday at 8 AM for the vulnerability scanner.</p><div id="b5c3"><pre><span class="hljs-symbol">policies:</span></pre></div><div id="570e"><pre>- name: csp-na-vuln-scanner-off-hours-start resource: aws.ec2 comments: | Start EC2 instances, every Thursday at 8:00 AM (CST). Tag the<span class="hljs-built_in"> instance </span>with key <span class="hljs-string">"vuln_offhours"</span><span class="hljs-built_in"> and </span>value <span class="hljs-string">"off= (H,18);on=(H,8);tz=ct"</span>.Tag the<span class="hljs-built_in"> instance </span>if you want this policy to be applied<span class="hljs-built_in"> and </span>take action. Instance will be turned on for 10 hrs for vuln scanner to start<span class="hljs-built_in"> and </span>complete the vulnerability scanning. Time zone is ct.. filters: - <span class="hljs-string">"tag:c7n_do_not_shut_down"</span>: absent - <span class="hljs-string">"tag:aws:autoscaling:groupName"</span>: absent - type: onhour default_tz: ct opt-out: false onhour: 8 tag: vuln_offhours <span class="hljs-comment"># Use this tag to be included in scope</span> mode: type: periodic schedule: <span class="hljs-string">"rate(60 minutes)"</span> execution-options: output_dir: s3://bucket-name/cclogs/{{policy}}/ action: - start - type: notify template: default.html <span class="hljs-comment"># Using jinja template</span> template_format: 'html' priority_header: '1' subject: Started {{ policy['resource'] }} as per defined c7n offhours- {{account}} {{region}} via {{policy['name']}} action_desc: | Custodian has started the EC2<span class="hljs-built_in"> instance </span>based on the defined
c7n offhours. to: - [email protected] transport: type: sqs queue: https://sqs. {{region}}.amazonaws.com/{{account_id}}/c7nmailermessagequeue</pre></div><p id="3e51"># 6— EC2 running continuously for last 1 week</p><div id="1fff"><pre><span class="hljs-symbol">policies:</span></pre></div><div id="4d72"><pre><span class="hljs-bullet">-</span> <span class="hljs-attr">name:</span> <span class="hljs-string">csp-n-ec2-running-for-last-7-days</span> <span class="hljs-attr">resource:</span> <span class="hljs-string">aws.ec2</span> <span class="hljs-attr">comments:</span> <span class="hljs-string">| Find all EC2 instances that are in running state for the last 7 days.This is a notify only policy. This policy runs every day at 6:00 AM UTC (1:00 AM CDT) </span> <span class="hljs-attr">filters:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">"State.Name":</span> <span class="hljs-string">running</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">type:</span> <span class="hljs-string">instance-age</span> <span class="hljs-attr">days:</span> <span class="hljs-number">7</span>
<span class="hljs-attr">mode:</span> <span class="hljs-attr">type:</span> <span class="hljs-string">periodic</span> <span class="hljs-attr">schedule:</span> <span class="hljs-string">"cron(0 6 * * ? *)"</span> <span class="hljs-attr">execution-options:</span> <span class="hljs-attr">output_dir:</span> <span class="hljs-string">s3://bucket-name/cclogs/{{policy}}/</span> <span class="hljs-attr">action:</span> <span class="hljs-bullet">-</span> <span class="hljs-attr">type:</span> <span class="hljs-string">notify</span></pre></div><p id="c9d2"><b>Other Stories</b></p><p id="6ef9"><a href="https://ismsguy.medium.com/ingesting-cloud-custodian-logs-into-sumo-logic-part-1-4e6af6df70a">Ingesting Cloud Custodian Logs into Sumo Logic</a></p><p id="bc30"><a href="https://ismsguy.medium.com/aws-resources-inventory-using-cloud-custodian-12aa011c66">AWS Resource Inventory using Cloud Custodian</a></p><p id="80a8"><a href="https://ismsguy.medium.com/aws-resources-inventory-using-cloud-custodian-12aa011c66">Cloud Custodian Policy Health Checks</a></p><p id="6f54"><a href="https://ismsguy.medium.com/cloud-custodian-gz-output-files-6cd0fbfaed8a">Cloud Custodian Output Files</a></p><p id="cb2d"><a href="https://ismsguy.medium.com/membership">https://ismsguy.medium.com/membership</a></p></article></body>

Election Day is finally here

8 November, 2016 | Index

Dear Hillary Clinton,

Gerard Mclean here, from Englewood, Ohio. This is an epilogue letter of one hundred I am writing you on health care; one for each day between your nomination and your election. The previous letters can be found in your USPS mailbox or online at 100HRC.com.

Election Day is finally here. I wish you the best of luck!

I will vote for you, but be assured my vote is because I believe you will work to find some way forward on SinglePayer, MedicareForAll, UniversalCare. My down ballot D votes will be because I am so very tired of living in a country that has demonized health care and education.

We need to reverse that thinking. I refuse to live the rest of my life where sick, dying and ignorant is normal.

You promised.

Regards,

Gerard McLean cc: Sen. Sherrod Brown

Index

Hillary Clinton
Healthcare
100hrc
Hrcletters
Recommended from ReadMedium