
filter for specific tags not getting recognized for Cognito User Pools and Cognito Identity Pools #7122

Open
mission-badams opened this issue Feb 18, 2022 · 1 comment

Comments

@mission-badams

Describe the bug

I'm trying to clean up Cognito User Pools and Cognito Identity Pools that do not have the required tags. When I filter for those required tags, the User Pools and Identity Pools are still getting deleted even when those required tags are present. It's deleting all User Pools and Identity Pools regardless of tags.

What did you expect to happen?

I expect Cognito User Pools and Cognito Identity Pools to get deleted only when they are untagged or missing required tags.

Cloud Provider

Amazon Web Services (AWS)

Cloud Custodian version and dependency information

Custodian:   0.9.14
Python:      3.9.9 (main, Nov 21 2021, 03:23:42)
             [Clang 13.0.0 (clang-1300.0.29.3)]
Platform:    posix.uname_result(sysname='Darwin', nodename='MacBook-Pro', release='20.6.0', version='Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21 PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64', machine='x86_64')
Using venv:  True
Docker: False
Installed:

argcomplete==1.12.3
attrs==21.2.0
boto3==1.19.12
botocore==1.22.12
docutils==0.17.1
importlib-metadata==4.8.1
jmespath==0.10.0
jsonschema==3.2.0
pyrsistent==0.18.0
python-dateutil==2.8.2
pyyaml==5.4.1
s3transfer==0.5.0
setuptools==59.0.1
six==1.16.0
tabulate==0.8.9
typing-extensions==3.10.0.2
urllib3==1.26.7
zipp==3.6.0

Policy

policies:
  - name: sbox-cognito-identity-pool-delete-untagged
    resource: identity-pool
    description: |
      Cloud Custodian Cleanup Notification
    comments: |
      Notification of deleted Cognito Identity Pools that were not tagged with retain
    filters:
      - not:
           - or:
               - tag:PAN: "true"
               - tag:retain: "true"
               - tag:LightsOut: "exclude"
               - tag:environment: "smoke"
               - tag:environment: "qc"
               - tag:gitrepo: "version-tracker-site"
               - tag:gitrepo: "tf-shared-infrastructure"
    mode:
      type: periodic
      schedule: "rate(14 days)"
      packages: [boto3, botocore, urllib3]
      role: CloudCustodian
    actions:
      - type: delete
      - type: notify
        template: default.html
        priority_header: '1'
        subject: '!!! Out of Compliance: Cognito Identity Pools have been deleted!!!'
        violation_desc:
        action_desc: |
            The following resources were deleted because they did not have retain=true tags
        to:
          - blank@blank.com
          - blank@blank.com
        transport:
          type: sqs
          queue: https://sqs.eu-west-2.amazonaws.com/9999999/CloudCustodianNotifications
  - name: sbox-cognito-user-pool-delete-untagged
    resource: user-pool
    description: |
      Cloud Custodian Cleanup Notification
    comments: |
      Notification of deleted Cognito User Pools that were not tagged with retain
    filters:
      - not:
           - or:
               - tag:PAN: "true"
               - tag:retain: "true"
               - tag:LightsOut: "exclude"
               - tag:environment: "smoke"
               - tag:environment: "qc"
               - tag:gitrepo: "version-tracker-site"
               - tag:gitrepo: "tf-shared-infrastructure"
    mode:
      type: periodic
      schedule: "rate(14 days)"
      packages: [boto3, botocore, urllib3]
      role: CloudCustodian
    actions:
      - type: delete
      - type: notify
        priority_header: '1'
        subject: '!!! Out of Compliance: Cognito User Pools have been deleted!!!'
        violation_desc:
        action_desc: |
            The following resources were deleted because they did not have retain=true tags
        to:
          - blank@blank.com
          - blank@blank.com
        transport:
          type: sqs
          queue: https://sqs.eu-west-2.amazonaws.com/99999999/CloudCustodianNotifications

Relevant log/traceback output

No response

Extra information or context

No response

@ajkerrigan
Member

Thanks for reporting this @mission-badams. Looks like tags show up differently for those pool resources and the tag: shorthand doesn't catch it. We would need a change to make that syntax work, but you can also address this at the policy level in the meantime by changing filters from this style:

- tag:environment: "smoke"

to this for identity pools:

- IdentityPoolTags.environment: "smoke"

or this for user pools:

- UserPoolTags.environment: "smoke"
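To see why the two filter styles behave differently before running a delete policy, here is an added example (not Cloud Custodian's code) that models, as a simplifying assumption, how a value filter key is resolved: the tag: shorthand only consults a Tags list of Key/Value pairs, while any other key is treated as a dotted path. The sample resources and the helper names (resolve_key, matches, to_delete) are constructed for this illustration.

```python
# Constructed sample resources. Most AWS resources carry tags as a list of
# Key/Value dicts; Cognito user pools expose them as a plain dict under
# UserPoolTags (identity pools use IdentityPoolTags the same way).
GENERIC_RESOURCES = [
    {"Id": "generic-1", "Tags": [{"Key": "retain", "Value": "true"}]},
    {"Id": "generic-2", "Tags": []},
]
USER_POOLS = [
    {"Id": "user-pool-1", "UserPoolTags": {"retain": "true"}},
    {"Id": "user-pool-2", "UserPoolTags": {"environment": "dev"}},
]

# Filter blocks in the same style as the policy in the issue (trimmed).
TAG_SHORTHAND_FILTER = {"not": [{"or": [
    {"tag:retain": "true"}, {"tag:environment": "smoke"}]}]}
USER_POOL_TAGS_FILTER = {"not": [{"or": [
    {"UserPoolTags.retain": "true"}, {"UserPoolTags.environment": "smoke"}]}]}


def resolve_key(resource, key):
    """Simplified model (an assumption, not Custodian's implementation):
    'tag:NAME' is looked up only in the Tags list; anything else is a
    dotted path walked through nested dicts. Missing values yield None."""
    if key.startswith("tag:"):
        wanted = key[len("tag:"):]
        for tag in resource.get("Tags", []):
            if tag.get("Key") == wanted:
                return tag.get("Value")
        return None
    current = resource
    for part in key.split("."):
        if not isinstance(current, dict):
            return None
        current = current.get(part)
    return current


def matches(resource, filter_spec):
    """Evaluate {"not": [...]} (negated AND), {"or": [...]}, or a single
    {key: value} equality clause against one resource."""
    if "not" in filter_spec:
        return not all(matches(resource, f) for f in filter_spec["not"])
    if "or" in filter_spec:
        return any(matches(resource, f) for f in filter_spec["or"])
    (key, value), = filter_spec.items()
    return resolve_key(resource, key) == value


def to_delete(resources, filter_spec):
    """Ids that the filter selects, i.e. what a delete action would remove."""
    return [r["Id"] for r in resources if matches(r, filter_spec)]
```

With the tag: shorthand, every user pool is selected because no Tags list exists on those resources, which is the behaviour reported above; switching the keys to UserPoolTags.* selects only the pool that really lacks a retain tag.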
