Comments (4)
This can also occur due to instances with non-complying tags being terminated. In our policy, for example, we terminate instances with non-complying tags once an hour. If the missing tag is who owns the instance, we have no way to email the owner and the ASG keeps spinning. Would be nice to be able to track an hourly instance scan back to the creator of the ASG, but at the very least suspending the ASGs under these cases as well.
Not just applicable to this issue, but maybe custodian could hook into CloudTrail on all instance creation events and auto-tag them with who launched it? That person could always be included in event notifications.
from cloud-custodian.
I added better support for ASG CWE rules including state notifications, but I'm still a little unclear what we should do as an action when we detect these. In some of the larger accounts, there would be thousands of event fires a day. We could try to batch and aggregate for notification. We could also resize down, but I'm hesitant to do that unless it's a structural issue with the launch config, i.e. ELB health check outage could be transient. Sounds like we need a filter on the structural issue with resize down and notify actions.
from cloud-custodian.
to add some specifics of things I think would be useful...
ASGs usually spin for a few different reasons. I'm sure there are others, but these come to mind:
- invalid configs - invalid ami, subnet ids, etc
- continually failing health checks
- spinning due to instances being killed by other custodian rules
- no space left for launching instances
It would be nice to be able to split them out to perform different actions based on the category of spin. For example, in the case of invalid configs, we can suspend and/or delete. In the case of continually failing health checks, I'd rather just notify since we've had cases where spinning was due to a network change, and we may not want to stop ASGs in that case.
For the spinning due to instances being killed by other rules, I think we're solving that by putting those rules on the asg configs. There may be some outliers, but that seems like less of an issue right now.
from cloud-custodian.
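An added example, not part of the thread and not Cloud Custodian code, of the per-category handling proposed in the comment above combined with the batching suggested earlier: scaling activities are grouped per ASG and each spinning group gets one decision. The record fields follow the shape of Auto Scaling activity records; the matched phrases, the `min_events` threshold, the notify-only mapping for the last two categories and the sample records are assumptions.

```python
from collections import Counter, defaultdict

# (substring, category), checked in order; phrases are assumptions. "terminated or
# stopped" precedes "health check" because externally killed instances mention both.
PATTERNS = [
    ("does not exist", "invalid-config"),
    ("terminated or stopped", "killed-externally"),
    ("health check", "failing-health-check"),
    ("sufficient capacity", "no-capacity"),
]
# Suspend only for structural problems; everything else is notify-only.
# The last two mappings are assumptions, the thread does not settle them.
ACTIONS = {
    "invalid-config": ["suspend", "notify"],
    "failing-health-check": ["notify"],
    "killed-externally": ["notify"],
    "no-capacity": ["notify"],
}

def classify(activity):
    text = f"{activity.get('StatusMessage', '')} {activity.get('Cause', '')}".lower()
    return next((cat for needle, cat in PATTERNS if needle in text), None)

def plan(activities, min_events=3):
    """One aggregated decision per spinning ASG instead of one per event."""
    counts = defaultdict(Counter)
    for act in activities:
        category = classify(act)
        if category:
            counts[act["AutoScalingGroupName"]][category] += 1
    decisions = {}
    for asg, per_category in counts.items():
        category, events = per_category.most_common(1)[0]
        if events >= min_events:  # below the threshold it is not a spin
            decisions[asg] = {"category": category, "events": events, "actions": ACTIONS[category]}
    return decisions

def _act(asg, message="", cause=""):
    return {"AutoScalingGroupName": asg, "StatusMessage": message, "Cause": cause}

# Constructed sample records for the example.
SAMPLE = (
    [_act("web-asg", "The image id '[ami-00000000]' does not exist.")] * 3
    + [_act("api-asg", cause="taken out of service in response to an ELB system health check failure")] * 4
    + [_act("batch-asg", cause="EC2 health check indicating it has been terminated or stopped"),
       _act("batch-asg", cause="started in response to a difference between desired and actual capacity")]
)

print(plan(SAMPLE))
```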
addressed in #220 .. basically a filter for asgs to detect invalid configs, or missing elbs
from cloud-custodian.