RDS Offhours support ? Example RDS Offhours policy ?

[dthauvin]

Hi
Is Offhours supported for RDS ?
I find a "rds start/stop actions" commit so i guess yes indeed.

Could this policy works ?

policies:
  - name: offhours-stop
    resource: rds
    filters:
      - type: offhour
        weekends: false
        default_tz: pt
        tag: downtime
        opt-out: true
        onhour: 8
        offhour: 20

thanks a lot

[scotwk]

@damdr - I don't have specific experience writing offhour policies, but I do see an offhour filter available for the rds resource. You can see what actions and filters are available via the schema subcommand, e.g.

$ custodian schema rds
rds:
  actions: [auto-patch, auto-tag-user, delete, invoke-lambda, mark, mark-for-op, modify-security-groups,
    notify, put-metric, remove-tag, resize, retention, snapshot, start, stop, tag,
    tag-trim, unmark, upgrade]
  filters: [and, db-parameter, default-vpc, event, health-event, kms-alias, marked-for-op,
    metrics, network-location, not, offhour, or, security-group, subnet, tag-count,
    upgrade-available, value]

Furthermore, you can view the specific schema for the offhours filter like this:

$ custodian schema rds.filters.offhour
...

[jantman]

@damdr Have you tried it?

[mdxp]

I couldn't get it to work either. There is no error but the filter doesn't select any instance even if tagged correctly.

[studiorak]

Hi,

Is there a workaround to the fact special characters (equal, commas, parentheses) are forbidden into some service's tags (for instance : rds).

Is that does exists, could you please share some example of configuration ?

PS: @MXDP : maybe you could share the tags you used as it could be a part of the solution...

Kind regards
Jean-Luc R.

[dlut2]

As a workaround we use a custom tag to determine whether an RDS will be acted upon by a policy with explicitly pre-set timezone options.

- name: rds-offhour-stop-pstdown
    resource: rds
    comment: |
      At 7 PM PST, stop all RDS instances that have the tag custodian_rds_offhours_marker = 'stopped'
      AND the tag custodian_rds_offhours_timezone = 'estup_pstdown'
    filters:
      - type: value
        key: "tag:custodian_rds_offhours_timezone"
        op: eq
        value: "estup_pstdown"
      - type: value
        key: "tag:custodian_rds_offhours_marker"
        op: eq
        value: "stopped"
      - type: offhour
        tag: custodian_rds_offhours
        opt-out: True
        default_tz: pt
        offhour: 19
    actions:
        - stop

[pricy]

@dlut2 I tried a mondified version of the workaround you suggested above and applied the following tags. However, the lambda is not identifying this RDS instance as I expected. Not quite sure if I am applying the tags correctly.

[pricy]

Here is the start policy I used.

• name: rds-onhour-eststart
  resource: rds
  comment: |
  At 7 PM EST, start all RDS instances that have the tag custodian_rds_onhours_marker = 'started'
  AND the tag custodian_rds_onhours_timezone = 'est_up'
  mode:
  type: periodic
  role: arn:aws:iam::{account_id}:role/**
  schedule: "cron(0 * * * ? *)"
  tags:
  applicationid: **
  env: **
  filters:
  - type: value
  key: "tag:custodian_rds_onhours_timezone"
  op: eq
  value: "est_up"
  - type: value
  key: "tag:custodian_rds_onhours_marker"
  op: eq
  value: "started"
  - type: onhour
  tag: custodian_rds_onhours
  opt-out: true
  default_tz: est
  onhour: 19
  actions:
  - start

[pricy]

I got this to work by applying a "custom_maid_hours" tag to the RDS instance and used this policy

• name: custom-rds-offhours-stop
  resource: rds
  mode:
  type: periodic
  role: arn:aws:iam::{account_id}:role/inf-c7nrdsstop-iam-role
  schedule: "cron(0 * * * ? *)"
  tags:
  applicationid: cloudcustodian
  env: cloudcustodian
  filters:
  - type: offhour
  offhour: 21
  tag: maid_offhours
  weekends: true
  default_tz: est
  opt-out: true
  - "tag:custom_maid_hours": present
  - "DBInstanceStatus": available
  actions:
  - stop

  • name: custom-rds-offhours-start
    resource: rds
    mode:
    type: periodic
    role: arn:aws:iam::{account_id}:role/inf-c7nrdsstop-iam-role
    schedule: "cron(0 * * * ? *)"
    tags:
    applicationid: cloudcustodian
    env: cloudcustodian
    filters:
    • type: onhour
      onhour: 4
      tag: maid_onhours
      weekends: true
      default_tz: est
      opt-out: true
    • "tag:custom_maid_hours": present
    • "DBInstanceStatus": stopped
      actions:
    • start

[vai021]

I tried the exact solution from above, and no luck at my end. The logs just say filtered from 1 to 0 rds instances and it doesnt stop the instance. Has there been any other solutions on the above?