I am writing a cloud custodian policy to find the s3 buckets which are not encrypted on creation- send an email to slack for 5 days- then encrypt on the 6th day. I have figured out the component on emailing to slack. But not able to put the logic to mark the S3 bucket for encryption and then encrypt on current date. Any help is appreciated
S3 Cloud Custodian
465 Views Asked by UMA At
1
There are 1 best solutions below
Related Questions in AMAZON-S3
- Convert JSON.gz to JSON in node js
- Downloading objects from S3 with presigned URL
- "Access Denied" - User's Permissions to S3 Bucket
- jQuery file upload to S3 (and rails) with CORS headers
- copying file from local machine to Ubuntu 12.04 returning permission denied
- AWS Flow Framework: Can we run activity worker and activity task on different EC2 instances
- Unable to access files from public s3 bucket with boto
- s3cmd not working as cron-task when echos/dates are added
- AWS S3 object listing
- React-native upload image to amazons s3
- S3 restrictions on quantity of object downloads
- How to upload a photo in Meteor to S3 and have it sync to database item?
- Limit upload size to S3 with presigned URL
- dragonfly-s3 with S3 IAM user causing a forbidden 403 response from Amazon
- Split S3 files into multiple output files
Related Questions in AWS-LAMBDA
- How to get rows count from Amazon DynamoDB using Lambda AWS
- Querying DynamoDB with Lambda does nothing
- undefined is not a function after refactor
- Async AWS Lambda not executed if caller returns too early
- In amazon lambda, resizing multiple thumbnail sizes in parallel async throws Error: Stream yields empty buffer
- How to upload an object into S3 in Lambda?
- How to do image overlay and watermark using node.js in amazon lambda function
- Base64 encode UserData parameter for EC2 RunInstances using AWS Lambda
- AWS Lambda PHP Create Function with Zip
- Triggering a AWS Lambda from a form post
- Zip Files & Folders With No Base Directory
- Dynamically loading jar from arbitrary url
- AWSTask is not instantiable
- AWS Custom Authorizer with request parameters
- Parse OSM PBF in AWS Lambda and S3
Related Questions in POLICY
- Can i move items from a custom list to another list after a specific retention?
- weblogic Ws-security policy vs oasis policy
- Your implementation of PreferenceActivity is vulnerable to fragment injection
- Granting Lync Polcies Via AD Group Member using PowerShell
- Amazon AWS S3 IAM Policy based on namespace or tag
- Reset quota is not working as expected in apigee
- Pundit Policy Scope for Has Many Through Relationship
- invalid according to policy policy condition failed starts-with $content-type ""
- What does S3 Policy Version mean?
- Facebook Log Out required for Unity apps?
- Importing SAP WSDL with VS17 - Custom tool warning: The following Policy Assertions were not imported/was not handled
- Restricting access to AWS S3 bucket based on referer
- Certificate enrollment via webserver
- Create Azure Resource Policy to enforce user?
- Can I pass JSON policy file as parameter value to s3bucket policy
Related Questions in CLOUDCUSTODIAN
- How to set the python runtime on AWS when using c7n-org to create custodian rule
- Cloud custodian policy and rds instance count for clusters
- custodian object not found exception
- Cloud Custodian c7n - Policy to count RDS instances greater than 3
- How can I send email notification via SNS using cloud custodian
- Cloud-Custodian: Deleting just specific backups of specific DynamoDB tables
- get AWS EC2 instances which has security groups(which has more than 50 rules) attached using cloud custodian policy
- Cloud custodian policy to get all open ports of AWS EC2 instance
- How to filter on usernames using custodian iam-user resource?
- S3 Cloud Custodian
- Cloud-Custodian resource:ec2 send mail region and account-name variable problem
- Cloud Custodian: Find all VMs without tags Azure
- Cloud Custodian: Tagging snapshots (AWS)
- Cloud Custodian filter GCP compute instances that have a label for datetime that's past
- Include OS type (Linux/Windows) in Cloud Custodian's EC2 findings for AWS Security Hub
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Consider using lambda as a custom AWS Config Rule, or create a lambda that is triggered off a compliance change to the standard rule: S3 bucket encryption is enabled.
For either, the lambda identifies the bucket and applies the encryption setting.
The tricky part is applying this on the 6th day. Applying immediately would provide better enforcement of the policy. To do this will require separate storage of the bucket ARN and the date to apply the encryption setting and a scheduler to run the function that either sends another Slack message or applies encryption.
For the first approach there is documentation for creating custom rules:
For the second approach, create a CloudWatch rule with