Tags: amazon-web-services, cloudcustodian

Cloud Custodian Policies for EC2 and S3


I am writing cloud custodian policies to terminate all internet facing ec2 instances and public S3 buckets.

I couldn't find straightforward rule filters for this in the official docs.

Any help would be appreciated.

Cheers


Solution

  • Reference: Cloud Custodian Docs

    policies:
      # Finds instances by subnet: replace the placeholder IDs with the
      # subnets you consider public (those whose route table sends
      # 0.0.0.0/0 to an internet gateway).
      - name: find-ec2-on-public-subnets
        resource: ec2
        filters:
          - type: value
            key: "SubnetId"
            op: in
            value:
              - subnet-d1e4xxxxx
              - subnet-d1e4xxxxx
        actions:
          # Note: stop only stops the instance; Cloud Custodian also has a
          # terminate action if you really want them gone.
          - stop

      # global-grants matches buckets whose ACL grants access to the
      # AllUsers or AuthenticatedUsers groups; the action then removes
      # exactly those grantees from the ACL.
      - name: s3-global-access
        resource: s3
        filters:
          - type: global-grants
        actions:
          - type: delete-global-grants
            grantees:
              - "http://acs.amazonaws.com/groups/global/AllUsers"
              - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
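A tighter version of both policies, added here as an example and not part of the answer above or of the Cloud Custodian project's documentation. The filter and action names (`value`, `subnet`, `terminate`, `global-grants`, `check-public-block`, `delete-global-grants`, `set-public-block`) are standard c7n ones; the policy names, the `allow-public` exemption tag, and the use of `MapPublicIpOnLaunch` as the "public subnet" signal are my own assumptions. The EC2 policy requires both a public IPv4 address and a public subnet before terminating, and the S3 policy treats a bucket as public if it has public ACL grants or has any Block Public Access switch turned off, then fixes both.

```yaml
# Added example, not code from the answer above. Policy names, the exemption
# tag and the MapPublicIpOnLaunch assumption are mine; filter/action types
# are standard Cloud Custodian (c7n) ones.
policies:
  # Internet-facing EC2: a public IPv4 address alone is not enough (the
  # subnet may have no internet gateway route), and a public subnet alone
  # is not enough (the instance may have no public address). Require both.
  # Assumption: your public subnets auto-assign public IPs
  # (MapPublicIpOnLaunch=true). If they do not, swap the subnet filter for
  # an explicit SubnetId list as in the answer above.
  - name: ec2-internet-facing-terminate
    resource: ec2
    filters:
      - type: value
        key: PublicIpAddress
        value: present
      - type: subnet
        key: MapPublicIpOnLaunch
        value: true
      # Safety valve: skip instances deliberately exempted by tag.
      - not:
          - type: value
            key: "tag:allow-public"
            value: present
    actions:
      # terminate (not stop) is what the question asks for; force clears
      # API termination protection first. Dry-run before enabling this.
      - type: terminate
        force: true

  # Public S3: a bucket is exposed either through ACL grants to the
  # AllUsers / AuthenticatedUsers groups (global-grants) or because one of
  # the four Block Public Access switches is off, which lets a bucket
  # policy or future ACL make it public. Each check-public-block entry
  # matches buckets where that single switch is false.
  - name: s3-public-remediate
    resource: s3
    filters:
      - or:
          - type: global-grants
          - type: check-public-block
            BlockPublicAcls: false
          - type: check-public-block
            IgnorePublicAcls: false
          - type: check-public-block
            BlockPublicPolicy: false
          - type: check-public-block
            RestrictPublicBuckets: false
    actions:
      # Remove the public ACL grants, then turn on all four switches so the
      # bucket cannot be re-exposed by ACL or bucket policy.
      - type: delete-global-grants
        grantees:
          - "http://acs.amazonaws.com/groups/global/AllUsers"
          - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
      - type: set-public-block
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
```

Check the file with `custodian validate policy.yml`, then run `custodian run --dryrun -s out policy.yml` and inspect `out/<policy-name>/resources.json` to confirm only the expected instances and buckets match before running without `--dryrun`. Terminating instances is irreversible, so the exemption tag (or a `stop` action as a first pass) is worth keeping until the match list has been reviewed.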