Target specific buckets for applying cloud custodian policy


I am trying to target all the buckets in my account that have names like Prod-** with my custodian policy.

The custodian policy basically checks if replication is enabled and if not then goes ahead and enables the replication.

I am able to write the policy that targets all the buckets, but what if I want to target only specific buckets? In the official documentation of [Cloud Custodian][1] I do not see any option for specifying the name of the bucket.

Here is what my policy looks like -

```yaml
policies:
  - name: s3-replication
    resource: s3
    filters:
      # Match buckets with no replication destination account configured
      - type: value
        key: Replication.ReplicationConfiguration.Rules[].Destination.Account
        value: absent
    actions:
      - type: set-replication
        state: enable
```
1

There are 1 best solutions below

0
Boreaz On

Your policy has all of the pieces there; all you would need is another string-matching filter criterion.

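```yaml
policies:
  - name: s3-replication
    resource: s3
    filters:
      # Match buckets with no replication destination account configured
      - type: value
        key: Replication.ReplicationConfiguration.Rules[].Destination.Account
        value: absent
      # Restrict to buckets whose Name tag matches the glob
      - type: value
        key: tag:Name
        op: glob
        value: Prod-*
    actions:
      - type: set-replication
        state: enable
```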

These filters are chained together and both need to evaluate to return resources.

Here we are obviously using the tag:Name value which is quite common for resources in general, but you could equally target any other bucket attribute based on the AWS API docs.
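
Added example, not part of the answer above or of Cloud Custodian's own code: a simplified Python model of the two chained filters, run over constructed bucket records, comparing which buckets a glob on `tag:Name` selects with the same glob on the bucket's `Name` attribute. The helper names and sample data are assumptions, and the `glob` operator is assumed to behave like case-sensitive `fnmatch`.

```python
from fnmatch import fnmatchcase

# Constructed sample records, shaped like the bucket data the filters read.
REPLICATED = {"ReplicationConfiguration": {
    "Rules": [{"Destination": {"Account": "111111111111"}}]}}
BUCKETS = [
    {"Name": "Prod-billing", "Replication": None,
     "Tags": [{"Key": "Name", "Value": "Prod-billing"}]},
    {"Name": "Prod-logs", "Replication": None, "Tags": []},  # no Name tag
    {"Name": "Prod-media", "Replication": REPLICATED,        # already replicated
     "Tags": [{"Key": "Name", "Value": "Prod-media"}]},
    {"Name": "dev-scratch", "Replication": None,             # misleading tag
     "Tags": [{"Key": "Name", "Value": "Prod-copy"}]},
    {"Name": "prod-assets", "Replication": None,             # lowercase name
     "Tags": [{"Key": "Name", "Value": "prod-assets"}]},
]

def lookup(bucket, key):
    """Resolve 'tag:<k>' against Tags, anything else as a top-level attribute."""
    if key.startswith("tag:"):
        wanted = key[len("tag:"):]
        return next((t["Value"] for t in bucket.get("Tags", [])
                     if t["Key"] == wanted), None)
    return bucket.get(key)

def select(buckets, key, pattern):
    """Return names of buckets that pass BOTH filters (filters are ANDed)."""
    selected = []
    for bucket in buckets:
        unreplicated = bucket.get("Replication") is None  # 'value: absent'
        value = lookup(bucket, key)
        if unreplicated and isinstance(value, str) and fnmatchcase(value, pattern):
            selected.append(bucket["Name"])
    return selected

def coverage_gap(buckets, pattern):
    """Buckets the tag filter misses, and buckets it picks up unexpectedly."""
    by_tag = set(select(buckets, "tag:Name", pattern))
    by_name = set(select(buckets, "Name", pattern))
    return sorted(by_name - by_tag), sorted(by_tag - by_name)

if __name__ == "__main__":
    print("tag:Name ->", select(BUCKETS, "tag:Name", "Prod-*"))
    print("Name     ->", select(BUCKETS, "Name", "Prod-*"))
    print("missed / unexpected:", coverage_gap(BUCKETS, "Prod-*"))
```

Running a policy with `custodian run --dryrun` before enabling the action shows the real set of matched buckets, so gaps like the untagged or lowercase-named buckets here are visible before replication is changed.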