I would like to find and stop, using Cloud Custodian, all EC2s that are running an AMI older than a certain date and that have a certain tag. The tags on such an AMI would look like:

    "Tags": [
        {
            "Key": "tag-1",
            "Value": "value-1"
        },
        {
            "Key": "special-tag",
            "Value": "special-value"
        }
    ]

and I want to find EC2s running AMIs with the "special-tag".
I tried:

    policies:
      - name: ec2_with_expired_ami
        resource: aws.ec2
        filters:
          - type: image-age
            days: 110
            op: gte
          - type: image
            key: "Tags"
            op: contains
            value: "special-tag"
        actions:
          - type: stop

but the filter doesn't pick any EC2 with such an AMI.
I am probably using the wrong JMESPath syntax.
Your example policy is very close! Because tag filters are so common, Custodian supports a special convenience syntax for key which targets tags. You can see an annotated example in the docs here.
In your case, changing the filter from:

    - type: image
      key: "Tags"
      op: contains
      value: "special-tag"

to:

    - type: image
      key: tag:special-tag
      value: present

sounds like it will do the trick. The special values section of the value filter documentation explains how the special present value functions there.
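
Why the original filter matched nothing while the `tag:` form matches, as an added example (not part of the answer above and not Custodian's own code): a simplified Python model of the value filter, assuming `contains` is a plain membership test on the resolved value. The helper names and the sample AMI records are constructed for illustration.

```python
import operator

# Constructed sample AMI records; the Tags shape is the one shown in the question.
IMAGE = {
    "ImageId": "ami-EXAMPLE",  # placeholder id
    "Tags": [
        {"Key": "tag-1", "Value": "value-1"},
        {"Key": "special-tag", "Value": "special-value"},
    ],
}
UNTAGGED_IMAGE = {"ImageId": "ami-EXAMPLE2", "Tags": [{"Key": "tag-1", "Value": "value-1"}]}


def resource_value(resource, key):
    """Resolve a filter key: 'tag:<name>' looks a tag up by name, anything else is a field."""
    if key.startswith("tag:"):
        wanted = key.split(":", 1)[1]
        for tag in resource.get("Tags", []):
            if tag.get("Key") == wanted:
                return tag.get("Value")
        return None
    return resource.get(key)


def matches(resource, key, value, op=None):
    """Simplified match: the special value 'present' and the 'contains' operator."""
    found = resource_value(resource, key)
    if value == "present":
        return found is not None
    if op == "contains":
        return found is not None and operator.contains(found, value)
    return found == value


def original_filter(image):
    # key: "Tags" resolves to a list of {"Key", "Value"} dicts, so the string
    # "special-tag" is never an element of that list.
    return matches(image, "Tags", "special-tag", op="contains")


def fixed_filter(image):
    # key: tag:special-tag resolves to the tag's value; 'present' only needs it to exist.
    return matches(image, "tag:special-tag", "present")


if __name__ == "__main__":
    print("original filter:", original_filter(IMAGE))
    print("tag: filter:", fixed_filter(IMAGE), fixed_filter(UNTAGGED_IMAGE))
```
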