Cloud Custodian
Removing polices #10638
Replies: 1 comment 3 replies
-
|
The Lambda support docs reference running mugc to clean up policies. Since you mentioned c7n-org, it's possible to use mugc with It lets you run commands like: c7n-org run-script \
--output-dir c7n-out \
--config c7n_org_config.yml -- \
python path/to/cloud-custodian/tools/ops/mugc.py \
--region us-east-2 \
--region us-west-2 \
--dryrun \
--present \
--config policies/*.ymlWhich would say "let's dry run removing any of these policies that are currently deployed in us-east-2 or us-west-2". |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, a really good help. I'll give it a try: c7n-org run-script The --present flag (cleaner for your use case): Keep the policy file exactly as is — no changes needed |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Man, All worked, even with an accounts.yml file, just had to remember the mygc.py isn't in the c7n, c7n-org package so had to do this step ------------------------- |
Beta Was this translation helpful? Give feedback.
-
|
And the other thing is it didn't delete the log groups associated with the Lambda(s) so just needed another step |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
We've got a demo policy of cloudtrail type running in our AWS org. All works fine.
But how do we have a github workflow of removing them all as there doesn't appear to be a "custodian --remove" or a "c7n-org --remove" did they use to be a remove argument?
Its a shame as we have the accounts.yml file for the c7n-org and it works really well for adding a policy to all org members, but then we need to manually delete them
Beta Was this translation helpful? Give feedback.
All reactions