We are trying to use Cloud Custodian for infrastructure audit and generate a CSV report for resources which do not match the tagging policy.
Config example:

    vars:
      tag-filters: &tag-compliance-filters
        - "tag.team_name": absent
        - "tag.product_name": absent
        - "tag.application_name": absent
        - "tag.service_name": absent
        - "tag.group": absent
    policies:
      - name: tag-compliance-rds
        resource: aws.rds
        description: |
          Detect resources which does not meet tags compliance
        filters:
          - and: *tag-compliance-filters

But in the CSV report I see all resources (even resources that match this policy). The c7n-org utility is used. So, the question is how to filter only noncompliant resources which do not have at least one of these tags?

I see this post is very old. Still answering.

You will have to use OR in the filters.

    vars:
      tag-filters: &tag-compliance-filters
        - "tag.team_name": absent
        - "tag.product_name": absent
        - "tag.application_name": absent
        - "tag.service_name": absent
        - "tag.group": absent
    policies:
      - name: tag-compliance-rds
        resource: aws.rds
        description: |
          Detect resources which does not meet tags compliance
        filters:
          - or: *tag-compliance-filters
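
The difference between `and` and `or` over the five `absent` filters, as an added Python example that is not part of the original answer and not Cloud Custodian's own code. It models `absent` as "the tag key is missing"; the instance names and the `Tags` list shape are constructed assumptions.

```python
import csv
import io

REQUIRED_TAGS = ["team_name", "product_name", "application_name",
                 "service_name", "group"]

# Constructed sample RDS resources (not real data); "Tags" shape is assumed.
RESOURCES = [
    {"DBInstanceIdentifier": "db-full",
     "Tags": [{"Key": k, "Value": "x"} for k in REQUIRED_TAGS]},
    {"DBInstanceIdentifier": "db-partial",
     "Tags": [{"Key": "team_name", "Value": "core"},
              {"Key": "group", "Value": "data"}]},
    {"DBInstanceIdentifier": "db-untagged", "Tags": []},
]

def missing_tags(resource, required=REQUIRED_TAGS):
    """Return the required tag keys this resource does not carry."""
    present = {t["Key"] for t in resource.get("Tags", [])}
    return [k for k in required if k not in present]

def select(resources, combine):
    """'and': every absent-filter must match; 'or': at least one must."""
    test = all if combine == "and" else any
    picked = []
    for r in resources:
        missing = set(missing_tags(r))
        if test(k in missing for k in REQUIRED_TAGS):
            picked.append(r["DBInstanceIdentifier"])
    return picked

def report_csv(resources):
    """CSV of non-compliant resources plus the tags each one lacks."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["DBInstanceIdentifier", "missing_tags"])
    for r in resources:
        missing = missing_tags(r)
        if missing:  # same selection as the 'or' policy
            writer.writerow([r["DBInstanceIdentifier"], ";".join(missing)])
    return buf.getvalue()

if __name__ == "__main__":
    print("and:", select(RESOURCES, "and"))
    print("or: ", select(RESOURCES, "or"))
    print(report_csv(RESOURCES), end="")
```

With `and`, only an instance missing all five tags is selected, so a partially tagged instance is not caught; with `or`, any instance missing at least one required tag is selected.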