JMESPath query with CloudCustodian filter Key for ec2 ami


I would like to find and stop, using cloudcustodian, all ec2s that are running an ami older than a certain date and that have a certain tag. The tags on such an ami would look like:

"Tags": [
    {
       "Key": "tag-1",
       "Value": "value-1"
    },
    {
       "Key": "special-tag",
       "Value": "special-value"
    }
]

and I want to find ec2s running amis with the "special-tag".

I tried

policies:
  - name: ec2_with_expired_ami
    resource: aws.ec2
    filters:
      - type: image-age
        days: 110
        op: gte
      - type: image
        key: "Tags"
        op: contains
        value: "special-tag"
    actions:
      - type: stop

but the filter doesn't pick any ec2 with such an ami.

I am probably using the wrong JMESPath syntax.

ajk On BEST ANSWER

Your example policy is very close! Because tag filters are so common, Custodian supports a special convenience syntax for key which targets tags. You can see an annotated example in the docs here.

In your case, changing the filter from:

      - type: image
        key: "Tags"
        op: contains
        value: "special-tag"

to:

      - type: image
        key: tag:special-tag
        value: present

sounds like it will do the trick. The special values section of the value filter documentation explains how the special present value functions there.
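
Why the filter in the question matched nothing while the `tag:` form does, as an added example that is not part of the answer and not Custodian's own code: a simplified Python model of how a value-style filter resolves `key`. The function names, the sample image and the placeholder image IDs are assumptions made for illustration.

```python
import operator

# Constructed sample: an AMI description with the Tags shown in the question.
SAMPLE_IMAGE = {
    "ImageId": "ami-00000000000000000",  # constructed placeholder
    "Tags": [
        {"Key": "tag-1", "Value": "value-1"},
        {"Key": "special-tag", "Value": "special-value"},
    ],
}


def resource_value(resource, key):
    """Resolve a filter key against a resource (simplified model).

    'tag:<name>' scans the Tags list for a matching Key and returns its
    Value; any other key is treated here as a plain top-level lookup.
    """
    if key.startswith("tag:"):
        wanted = key.split(":", 1)[1]
        for tag in resource.get("Tags", []):
            if tag.get("Key") == wanted:
                return tag.get("Value")
        return None
    return resource.get(key)


def matches(resource, key, value, op=None):
    """Evaluate one value-style filter against a resource (simplified model)."""
    found = resource_value(resource, key)
    if value == "present":
        return found is not None
    if op == "contains":
        # Membership test: `found` is a list of dicts, so a bare string
        # such as "special-tag" is never one of its elements.
        return found is not None and operator.contains(found, value)
    return found == value


def explain(image):
    """Compare the question's filter with the answer's filter on one image."""
    return {
        "question_filter": matches(image, "Tags", "special-tag", op="contains"),
        "answer_filter": matches(image, "tag:special-tag", "present"),
    }


if __name__ == "__main__":
    print(explain(SAMPLE_IMAGE))
```
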