Cloud Custodian policies for EC2 and S3

Time: 2018-03-26 08:13:24

Tags: amazon-web-services

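I am writing Cloud Custodian policies to terminate all internet-facing EC2 instances and public S3 buckets.

I can't find a direct rule filter for this in the official documentation.

Any help would be greatly appreciated.

Cheers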

1 answer:

Answer 0: (score: 1)

Reference: here

policies:
  - name: find-ec2-on-public-subnets
    resource: ec2
    filters:
        - type: value
          key: "SubnetId"
          op: in
          value:
              - subnet-d1e4xxxxx
              - subnet-d1e4xxxxx
    actions:
        - stop

  - name: s3-global-access
    resource: s3
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"