Last active January 20, 2023 22:59
Gist: circa10a/d24075818b9dfc85c965fb5ced2cdcd8
cloud custodian policy / lambda to add lifecycle rule on bucket delete attempts
policies:
  - name: add-lifecycle-policy-on-bucket-delete
    comments: |
      In dev, let's start emptying the bucket as soon as delete is requested so that we can have a more ephemeral environment for standup/teardown
    resource: s3
    mode:
      type: cloudtrail
      role: cloud-custodian-role
      execution-options:
        log_group: cloud-custodian
      events:
        - source: s3.amazonaws.com
          event: DeleteBucket
          ids: 'requestParameters.bucketName'
      # Default behavior bails early due to the error code of BucketNotEmpty being present.
      # This took forever to figure out. Never spend time on this.
      environment:
        Variables:
          C7N_SKIP_ERR_EVENT: 'no'
    # Only put policy on buckets that have the env = dev tag for safety
    filters:
      - tag:env: dev
    actions:
      - type: configure-lifecycle
        rules:
          - ID: empty-bucket
            Status: Enabled
            Filter:
              Prefix: ''
            Expiration:
              Days: 1
            NoncurrentVersionExpiration:
              NoncurrentDays: 1
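The policy above is only triggered by a DeleteBucket call that failed with BucketNotEmpty, which is exactly the kind of event the Cloud Custodian lambda handler drops by default. The following added example (written for this page, not code from the gist or from the Cloud Custodian project) simulates that path offline: it takes a constructed CloudTrail record carrying an errorCode, applies the C7N_SKIP_ERR_EVENT gating the gist comment describes, resolves the policy's `ids` path, applies the `tag:env: dev` safety filter, and produces the lifecycle configuration in the shape boto3's `put_bucket_lifecycle_configuration` accepts. SAMPLE_EVENT, BUCKET_TAGS, and all helper names are constructed for the example, and the dotted-path lookup is a simplification of the JMESPath expression Cloud Custodian actually evaluates.

```python
"""Added example: simulate the gist's policy on a failed DeleteBucket event.

Everything here is constructed for illustration; the real handler runs inside
Cloud Custodian's lambda and talks to S3 through boto3.
"""
import os

# Constructed CloudTrail record: a DeleteBucket call that failed because the
# bucket still held objects. Note the errorCode field, which is what makes the
# default handler bail early.
SAMPLE_EVENT = {
    "eventSource": "s3.amazonaws.com",
    "eventName": "DeleteBucket",
    "errorCode": "BucketNotEmpty",
    "errorMessage": "The bucket you tried to delete is not empty",
    "requestParameters": {"bucketName": "example-dev-bucket"},
}

# Constructed tag table standing in for GetBucketTagging results.
BUCKET_TAGS = {
    "example-dev-bucket": {"env": "dev"},
    "example-prod-bucket": {"env": "prod"},
}

# The rule from the policy's configure-lifecycle action, in the dict shape that
# boto3's put_bucket_lifecycle_configuration(LifecycleConfiguration=...) takes.
LIFECYCLE_RULES = [{
    "ID": "empty-bucket",
    "Status": "Enabled",
    "Filter": {"Prefix": ""},
    "Expiration": {"Days": 1},
    "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
}]


def lookup_path(record, dotted):
    """Resolve a dotted path such as the policy's ids value
    'requestParameters.bucketName'. Cloud Custodian uses JMESPath for this;
    a plain dict walk is enough for the sample record (simplifying assumption)."""
    cur = record
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def should_skip_event(record, env=os.environ):
    """Gating described in the gist comment: an event carrying an errorCode is
    dropped unless C7N_SKIP_ERR_EVENT is set to 'no'."""
    skip_err_events = env.get("C7N_SKIP_ERR_EVENT", "yes") != "no"
    return "errorCode" in record and skip_err_events


def matches_filter(bucket, tags, wanted_env="dev"):
    """The policy's `tag:env: dev` filter applied to one bucket's tags."""
    return tags.get(bucket, {}).get("env") == wanted_env


def plan_lifecycle_action(record, tags, env=os.environ):
    """Return (bucket, lifecycle configuration) the policy would apply, or
    None when the event is ignored, the id is missing, or the filter fails."""
    if record.get("eventSource") != "s3.amazonaws.com":
        return None
    if record.get("eventName") != "DeleteBucket":
        return None
    if should_skip_event(record, env):
        return None
    bucket = lookup_path(record, "requestParameters.bucketName")
    if bucket is None or not matches_filter(bucket, tags):
        return None
    return bucket, {"Rules": LIFECYCLE_RULES}


if __name__ == "__main__":
    # Default handler setting: the failed DeleteBucket is ignored entirely.
    print(plan_lifecycle_action(SAMPLE_EVENT, BUCKET_TAGS, env={}))
    # With the gist's setting the rule is planned for the dev-tagged bucket.
    print(plan_lifecycle_action(SAMPLE_EVENT, BUCKET_TAGS,
                                env={"C7N_SKIP_ERR_EVENT": "no"}))
```

Running the block with an empty environment returns None for the sample event; with C7N_SKIP_ERR_EVENT set to 'no' it returns the dev bucket and the lifecycle configuration. Swapping the bucket name for the prod-tagged one returns None again, which is the safety property the `tag:env: dev` filter provides.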