Cloud Custodian Policies
Requirements:
- Jenkins installation with plugins: a) Pipeline: AWS Steps b) Docker plugin
- Technical user in AWS with create Lambda permissions
- Docker Hub account to publish the Docker image
- GitHub Enterprise technical user
- Allow access to AWS API (api.amazon.com) from Docker agent
Installation:
- Build the Docker image from the Dockerfile
- Set up a Docker agent template in Jenkins with the following details: a) Labels: docker-custodian b) Name: docker-custodian c) Remote File System Root: /home/custodian d) User: custodian
- Create build with pipeline script from SCM using git@github.exasol.com:devops/cloudcustodian.git
Usage:
- Commit the changes to the master branch
- New policies should be added to the custodian.yml file
- Run the build
Explanation of pipeline:
- Declarative: Checkout SCM: Build first downloads the files from the GitHub master branch repository
- Validate: The updated custodian.yml policy file is validated for errors
- Test: Policy is deployed in the aws-im-dev environment for testing
- Dryrun: Policy is dry-run against all accounts
- Run: Policy is deployed in all environments
- clean-old-functions: Old Lambda functions that are not part of the custodian.yml file are removed/deleted
...
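The clean-old-functions stage holds delete permissions on Lambda, so the selection of what to remove should be limited to functions Cloud Custodian itself deployed. The sketch below is an added example, not this repository's pipeline code: it computes the stale set from the parsed custodian.yml and a list of deployed function names. The function names `expected_functions` and `stale_functions`, the sample policies and the sample function list are assumptions constructed for illustration; `custodian-` is Cloud Custodian's default function name prefix.

```python
# Added example: choose which deployed Lambda functions the cleanup stage may delete.
DEFAULT_PREFIX = "custodian-"  # Cloud Custodian's default Lambda name prefix


def expected_functions(policy_doc):
    """Names of the Lambda functions the policies in custodian.yml deploy."""
    names = set()
    for policy in policy_doc.get("policies", []):
        mode = policy.get("mode")
        if not mode or mode.get("type") == "pull":
            continue  # pull-mode policies run in place and deploy no Lambda
        prefix = mode.get("function-prefix", DEFAULT_PREFIX)
        names.add(prefix + policy["name"])
    return names


def stale_functions(policy_doc, deployed, managed_prefixes=(DEFAULT_PREFIX,)):
    """Deployed functions with a managed prefix that match no current policy.

    Functions without a managed prefix are never returned, so unrelated
    Lambdas in the account cannot be selected for deletion.
    """
    keep = expected_functions(policy_doc)
    return sorted(
        name for name in deployed
        if name.startswith(tuple(managed_prefixes)) and name not in keep
    )


# Constructed sample: custodian.yml as it would look after YAML parsing.
POLICY_DOC = {
    "policies": [
        {"name": "ec2-require-tags", "resource": "aws.ec2",
         "mode": {"type": "cloudtrail", "events": ["RunInstances"]}},
        {"name": "s3-block-public", "resource": "aws.s3",
         "mode": {"type": "periodic", "schedule": "rate(1 day)"}},
        {"name": "ebs-unattached-report", "resource": "aws.ebs"},  # pull mode
    ]
}
# Constructed sample: function names as listed from the target account.
DEPLOYED = [
    "custodian-ec2-require-tags",
    "custodian-s3-block-public",
    "custodian-old-sg-audit",           # policy was removed from custodian.yml
    "custodian-ebs-unattached-report",  # policy no longer has a Lambda mode
    "billing-exporter",                 # not managed by Cloud Custodian
]

if __name__ == "__main__":
    for name in stale_functions(POLICY_DOC, DEPLOYED):
        print("would delete:", name)
```

If any policy sets a custom `function-prefix`, pass that prefix in `managed_prefixes` as well, otherwise its old functions are never considered for cleanup.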