I have been setting up a Cloud Custodian policy for automatically terminating EC2 instances after a certain amount of time. But unfortunately it is not working properly. The filters and mode are working fine in the policy, but the action is not getting executed. Kindly let us know if you have any solution.
Policy:
```yaml
policies:
  - name: ec2-terminate-instance
    resource: ec2
    description: |
      Mark any stopped ec2 instance for deletion in 60 days
      If an instance has not been started for 60 days or over
      then they will be deleted similar to internal policies as it wont be patched.
    filters:
      - "tag:expiration": present
      - "State.Name": stopped
    mode:
      schedule: "rate(15 minutes)"
      type: periodic
      role: arn:aws:iam::xxxxxxxxxxxx:role/cloud-custodian-role
    actions:
      - type: mark-for-op
        tag: c7n_stopped_instance
        op: terminate
        hours: 0.5
```
Your policy looks right, despite what has been mentioned about custom tags for the delayed operation `mark-for-op`. The details are important here: if you are not seeing the instance terminated with this policy, that is because you would need a second follow-up policy that filters on the marked resources and a corresponding action of terminating those discovered instances.
So you:
ref: https://www.cloudcustodian.io/docs/azure/examples/resourcegroupsdelayedoperation-general.html#azure-example-delayedoperation
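The two-policy pattern described in the answer, written out as an added example (not code from the original answer or from the Cloud Custodian project): the marking policy from the question followed by a follow-up policy that uses the `marked-for-op` filter and the `terminate` action. The policy names are hypothetical, and the `absent` tag filter on the marking policy is an addition made here so that a later 15-minute run does not overwrite the tag and move the scheduled time forward.

```yaml
policies:
  # Policy 1: tag stopped instances with a scheduled terminate time.
  - name: ec2-mark-stopped-for-terminate        # hypothetical name
    resource: ec2
    filters:
      - "tag:expiration": present
      - "State.Name": stopped
      # Added here: skip instances that already carry the marker tag,
      # otherwise every run rewrites the tag with a new, later timestamp.
      - "tag:c7n_stopped_instance": absent
    mode:
      type: periodic
      schedule: "rate(15 minutes)"
      role: arn:aws:iam::xxxxxxxxxxxx:role/cloud-custodian-role
    actions:
      - type: mark-for-op
        tag: c7n_stopped_instance
        op: terminate
        hours: 0.5

  # Policy 2: act on instances whose marker tag has come due.
  - name: ec2-terminate-marked                  # hypothetical name
    resource: ec2
    filters:
      # Re-check state so an instance restarted after marking is left alone.
      - "State.Name": stopped
      # Matches only when the tag names this op and its timestamp has passed.
      - type: marked-for-op
        tag: c7n_stopped_instance
        op: terminate
    mode:
      type: periodic
      schedule: "rate(15 minutes)"
      role: arn:aws:iam::xxxxxxxxxxxx:role/cloud-custodian-role
    actions:
      - type: terminate
```

The role used by the second policy needs `ec2:TerminateInstances` in addition to the describe and tagging permissions the marking policy uses.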