
How to set up cloud custodian on Docker


All,

I am trying to implement a Cloud Custodian solution on an AWS ECS scheduled task on Fargate.

My Dockerfile looks like:

FROM cloudcustodian/c7n:latest

WORKDIR /opt/src

COPY policy.yml policy.yml
COPY mailer.yml mailer.yml

ENTRYPOINT [ "/bin/sh" ]

where policy.yml looks like

policies:
  - name: c7n-mailer-test
    resource: sqs
    filters:
     - "tag:MailerTest": absent
    actions:
      - type: notify
        template: default
        priority_header: '2'
        subject: testing the c7n mailer
        to:
          - test@mydomain.com
        transport:
          type: sqs
          queue: arn:aws:iam::xxxx:role/cloud-custodian-mailer-role-svc

Also mailer.yml looks like

queue_url: https://sqs.ap-southeast-1.amazonaws.com/xvxvxvx9/cloud-custodian
role: arn:aws:iam::xxxxx:role/cloud-custodian-mailer-role
from_address: test@mydomain.in

After running the image, I cannot see any message on SQS or in the recipient's email.

Also, how can I store the output on S3?


Solution

  • There is an official Docker image for Cloud Custodian already available on Docker Hub: https://hub.docker.com/r/cloudcustodian/c7n

    If you want to use tools with Custodian, there are also separate Docker images available on Docker Hub, e.g. Mailer: https://hub.docker.com/r/cloudcustodian/mailer

    However, if you want to run both in the same container, please have a look at this: https://github.com/harsh4870/cloud-custodian

    Dockerfile

    FROM python:3.6-alpine
    
    LABEL MAINTAINER="Harsh Manvar <harsh.manvar111@gmail.com>"
    
    WORKDIR /opt/src
    
    COPY cloud-custodian .
    RUN apk add --no-cache --virtual .build-deps gcc musl-dev
    RUN pip install -r requirements.txt && \
        python setup.py install && \
        cd tools/c7n_mailer/ && \
        pip install -r requirements.txt && \
        pip install requests && \
        python setup.py install
    RUN apk del .build-deps gcc musl-dev
    WORKDIR /opt/src
    
    COPY policy.yml policy.yml
    COPY mailer.yml mailer.yml
    
    ENTRYPOINT [ "/bin/sh" ]
    

    Run the Docker image by passing the command:

    # REGION and VERSION must be set in the calling shell
    docker run \
            -e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
            -e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
            -e AWS_DEFAULT_REGION="${REGION}" \
            -v "$(pwd)/logs:/tmp" \
            "cloud-custodian:${VERSION}" \
            -c "/usr/local/bin/custodian run -c policy.yml -s .; /usr/local/bin/c7n-mailer --config mailer.yml --run"
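
A pre-flight check for the two files in this thread, as an added example that is not part of the original question or answer: it confirms that the notify action's transport `queue` in policy.yml and the `queue_url` in mailer.yml name the same SQS queue, since c7n-mailer only delivers what arrives on the queue it polls. The function names and the account ID 111111111111 are constructed for illustration, and the check assumes the queue is written as a full SQS URL or an `arn:aws:sqs:` ARN.

```python
import re

# Constructed samples mirroring the question's files; 111111111111 is a placeholder account.
POLICY_YML = """\
policies:
  - name: c7n-mailer-test
    resource: sqs
    actions:
      - type: notify
        to: [test@mydomain.com]
        transport:
          type: sqs
          queue: arn:aws:iam::111111111111:role/cloud-custodian-mailer-role-svc
"""
MAILER_YML = """\
queue_url: https://sqs.ap-southeast-1.amazonaws.com/111111111111/cloud-custodian
role: arn:aws:iam::111111111111:role/cloud-custodian-mailer-role
from_address: test@mydomain.in
"""

SQS_URL = re.compile(r"https://sqs\.([a-z0-9-]+)\.amazonaws\.com/(\d+)/([\w-]+(?:\.fifo)?)$")
SQS_ARN = re.compile(r"arn:aws:sqs:([a-z0-9-]+):(\d+):([\w-]+(?:\.fifo)?)$")

def queue_identity(value):
    """Return (region, account, name) for an SQS URL or SQS ARN, else None."""
    m = SQS_URL.match(value) or SQS_ARN.match(value)
    return m.groups() if m else None

def yaml_values(text, key):
    """Collect scalar values of `key:` lines (enough for these flat keys; not a YAML parser)."""
    return [v.strip("'\"") for v in re.findall(rf"^\s*{key}:\s*(\S+)\s*$", text, re.M)]

def preflight(policy_text, mailer_text):
    """Return a list of problems that would stop notifications reaching c7n-mailer."""
    problems = []
    mailer_queues = yaml_values(mailer_text, "queue_url")
    mailer_id = queue_identity(mailer_queues[0]) if mailer_queues else None
    if mailer_id is None:
        problems.append("mailer.yml: queue_url is missing or not an SQS queue URL")
    for q in yaml_values(policy_text, "queue"):
        qid = queue_identity(q)
        if qid is None:
            problems.append(f"policy.yml: transport queue {q!r} is not an SQS queue URL or ARN")
        elif mailer_id and qid != mailer_id:
            problems.append(f"policy.yml: transport queue {q!r} differs from mailer queue_url")
    return problems

if __name__ == "__main__":
    print("\n".join(preflight(POLICY_YML, MAILER_YML)) or "queues match")
```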