I'm new to Cloud Custodian and have the few doubts specific to using it for AWS.
I ran the following policy (no filters and actions present) so that I could get all the options for using as keys in value type filters :
policies:
- name: CheckPublicECRRepo
resource: ecr
The output was a detailed list of all the AWS ECR private repositories in my account which is exactly same as running aws ecr describe-repositories --region <region>.
So,
How AWS CLI command responses relate to those from running Cloud Custodian commands? Are they both calling same APIs? If yes, which API is being called here exactly?
How can I write a Cloud Custodian policy to detect AWS ECR public repositories? I'm getting the desired output by running this AWS CLI command : aws ecr-public describe-repositories --region us-east-1.
ecr-public resource does not seem to be supported yet. So I would either submit a feature request here or I would try to code the missing feature and contribute it.