cloudcustodian

How to set up cloud custodian on Docker

雨燕双飞 submitted on 2020-02-08 02:30:08

Question: All, I am trying to implement cloud custodian solution on AWS ECS scheduled task on Fargate. My Dockerfile looks like:

    FROM cloudcustodian/c7n:latest
    WORKDIR /opt/src
    COPY policy.yml policy.yml
    COPY mailer.yml mailer.yml
    ENTRYPOINT [ "/bin/sh" ]

where policy.yml looks like

    policies:
      - name: c7n-mailer-test
        resource: sqs
        filters:
          - "tag:MailerTest": absent
        actions:
          - type: notify
            template: default
            priority_header: '2'
            subject: testing the c7n mailer
            to:
              - test@mydomain.com
            transport:
              type: sqs

How to allow certain ports open to world only for certain security groups in Cloud Custodian?

為{幸葍}努か submitted on 2020-01-25 10:02:08

Question: I have this in my policy to allow only 80 and 443 open to world.

    "or": [
      {
        "Cidr": { "value": "0.0.0.0/0" },
        "type": "ingress",
        "OnlyPorts": [ 80, 443 ]
      },
      {
        "CidrV6": { "value": "::/0" },
        "type": "ingress",
        "OnlyPorts": [ 80, 443 ]
      }
    ]

Now, I want to allow only 8080 and 8081 to selected security groups, not for all security groups. Is this possible?

Answer 1: You need to edit particular security groups only. Just open the ports there and that will do it.

Answer 2: Add a value filter using a key and