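I'm new to Cloud Custodian. I have generated various policies to clean up AWS resources. I want to take the policy output and generate a report for our SREs, following the Cloud Custodian documentation (here). However, when using the same policy file, Cloud Custodian report finds no records/resources. I am running Cloud Custodian v0.9.36 in a Docker container with AWS credentials configured.
When I run a test policy to query EC2 instances, I receive records as expected. When I run Cloud Custodian report, no resources are found. The report folders are created according to the policies and are empty. The raw output file is also empty. See the output below: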
custodian@27c49e174cab:~$ custodian run -s output --cache-period 0 policies/test.yml
2024-05-30 14:31:08,835: custodian.policy:INFO policy:ec2-report-all resource:ec2 region:us-west-1 count:14 time:1.72
2024-05-30 14:31:10,507: custodian.policy:INFO policy:ec2-report-running resource:ec2 region:us-west-1 count:12 time:1.67
2024-05-30 14:31:12,124: custodian.policy:INFO policy:ec2-report-stopped resource:ec2 region:us-west-1 count:2 time:1.61
custodian@27c49e174cab:~$ custodian report -s ./reports --raw ./test.json --format grid -v --all-findings policies/test.yml
2024-05-30 14:31:18,646: custodian.cache:DEBUG Disabling cache
2024-05-30 14:31:18,647: custodian.commands:DEBUG Loaded file policies/test.yml. Contains 3 policies
2024-05-30 14:31:18,652: custodian.aws:DEBUG using default region:us-west-1 from boto
2024-05-30 14:31:19,217: custodian.reports:DEBUG Found 0 records for region us-west-1
2024-05-30 14:31:19,218: custodian.reports:DEBUG Found 0 records for region us-west-1
2024-05-30 14:31:19,218: custodian.reports:DEBUG Found 0 records for region us-west-1
+-----------------+--------------+------------+----------------+--------------+---------+--------------------+----------+
| CustodianDate | InstanceId | tag:Name | InstanceType | LaunchTime | VpcId | PrivateIpAddress | Policy |
+=================+==============+============+================+==============+=========+====================+==========+
+-----------------+--------------+------------+----------------+--------------+---------+--------------------+----------+
Contents of the test.yml policy file:
policies:
  # EC2 Reporting Policies
  - name: ec2-report-all
    resource: ec2
    comments: |
      Report all stand-alone EC2 instances.
    filters: []
  - name: ec2-report-running
    resource: ec2
    comments: |
      Report all running stand-alone EC2 instances.
    filters:
      - "State.Name": running
  - name: ec2-report-stopped
    resource: ec2
    comments: |
      Report all stopped stand-alone EC2 instances.
    filters:
      - "State.Name": stopped
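I'm not sure whether this is a new bug in Cloud Custodian, or whether there is another undocumented configuration that I need in order to run the report and successfully extract records.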
You must "run" first and then "report". Example:
custodian run policies/ec2/cleanup-ebs-volumes.yml -s output --dry-run
custodian report policies/ec2/cleanup-ebs-volumes.yml -s output -v
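An added example, not part of the answer above or of Cloud Custodian's own code: `custodian run -s DIR` writes each policy's matches to `DIR/<policy-name>/resources.json` and `custodian report -s DIR` reads that same file, so both commands need the same `-s` value (the question runs with `-s output` but reports with `-s ./reports`). The Python check below detects that mismatch; its function names and the sample instance records are constructed for illustration, and a single-region run is assumed.

```python
import json
import tempfile
from pathlib import Path

# Policy names from the test.yml shown in the question.
POLICIES = ["ec2-report-all", "ec2-report-running", "ec2-report-stopped"]

def count_records(output_dir, policy_names):
    """Map each policy to the number of records in
    <output_dir>/<policy>/resources.json, or None if that file is absent."""
    counts = {}
    for name in policy_names:
        path = Path(output_dir) / name / "resources.json"
        counts[name] = len(json.loads(path.read_text())) if path.is_file() else None
    return counts

def diagnose(run_dir, report_dir, policy_names):
    """Explain, per policy, what `custodian report -s report_dir` would find."""
    ran = count_records(run_dir, policy_names)
    seen = count_records(report_dir, policy_names)
    findings = {}
    for name in policy_names:
        if seen[name] is not None:
            findings[name] = f"ok: {seen[name]} records"
        elif ran[name] is not None:
            findings[name] = f"wrong -s: {ran[name]} records are under {run_dir}"
        else:
            findings[name] = "no run output found"
    return findings

def build_sample(root):
    """Constructed sample: `run -s output` wrote data, `report -s reports` left empty dirs."""
    run_dir, report_dir = Path(root) / "output", Path(root) / "reports"
    sizes = {"ec2-report-all": 14, "ec2-report-running": 12}  # third policy never ran
    for name in POLICIES:
        (report_dir / name).mkdir(parents=True)
        if name in sizes:
            (run_dir / name).mkdir(parents=True)
            records = [{"InstanceId": f"i-constructed{i:04d}"} for i in range(sizes[name])]
            (run_dir / name / "resources.json").write_text(json.dumps(records))
    return run_dir, report_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for policy, finding in diagnose(*build_sample(tmp), POLICIES).items():
            print(f"{policy}: {finding}")
```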