You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're using Lambda deployment mode of policies, on AWS.
We're deploying on multiple accounts with c7n-org.
The execution output is stored in a deeply hierarchized S3 bucket:
At each execution, the following items are stored:
custodian-run.log
metadata.json
resources.json
parse_errors.json (sometime)
opted_out.json (sometime)
denied.json (sometime)
Feature Request
In the notification part of the policies, we would like to send a message containing a link to this bucket, (and/or be able to access the same variables available in the output_dir variable expansion logic).
When building reports based on the execution output (files in output_dir, mainly metadata.json and resources.json) we also want to be able to reference this output_dir path.
More generally, we would like that (most of) the variables available for output_dir, the notify message, and the metadata.json file are the same (same value - and maybe in the future same name also).
This way, it's easier to "cross-reference" the same variables in those 3 different contexts.
In the notify part of the policies, we send message notifications (slack, teams, email, ...) with (almost) only a link to the dynamic report. (like the example link above)
For the moment, it's not possible to base the output_dir on the date, because now in output_dir is not equals to the execution_start date in the notification message (they can differ by a few seconds ; they are not referencing strictly the same moment)
For the moment, it's not possible to base the output_dir on the execution id, as uuid in output_dir is generated independently of execution_id of the notify message and do not have the same value.
Describe the feature
Context
We're using Lambda deployment mode of policies, on AWS.
We're deploying on multiple accounts with
c7n-org
.The execution output is stored in a deeply hierarchized S3 bucket:
At each execution, the following items are stored:
custodian-run.log
metadata.json
resources.json
parse_errors.json
(sometime)opted_out.json
(sometime)denied.json
(sometime)Feature Request
output_dir
variable expansion logic).output_dir
, mainlymetadata.json
andresources.json
) we also want to be able to reference thisoutput_dir
path.output_dir
, the notify message, and themetadata.json
file are the same (same value - and maybe in the future same name also).This way, it's easier to "cross-reference" the same variables in those 3 different contexts.
Use-case
output_dir
on the date, becausenow
inoutput_dir
is not equals to theexecution_start
date in the notification message (they can differ by a few seconds ; they are not referencing strictly the same moment)output_dir
on the execution id, asuuid
inoutput_dir
is generated independently ofexecution_id
of the notify message and do not have the same value.Variables
If I'm not mistaken, the variables available for
output_dir
variable expansion are:account_id
now
:utcnow()
at the moment of created theoutput_dir
path viaget_output_path
policy_name
region
uuid
: a newly-generated UUID, that seems unrelated to other UUIDs availableFor the notify message sent in the SQS, the following fields are available in the message:
account_id
account
action
event
execution_id
execution_start
partition
policy
region
resources
version
In the output metadata file
metadata.json
, we can access the following similar information:api-stats
config
(containingaccount_id
,region
,output_dir
in template (variables not replaced) form, ...)execution.duration
execution.end_time
execution.id
execution.start
metrics
policy
(containingpolicy.name
, etc...)sys-stats
version
Summary of the proposed changes / additions
output_dir
metadata.json
execution.duration
metrics
sys-stats
account
metadata.json
/ not sure foroutput_dir
execution_id
execution.id
output_dir
.execution_start
execution.start
output_dir
.partition
metadata.json
?policy
region
config.region
resources
version
version
account_id
account_id
config.account_id
now
execution.start
)policy_name
policy.name
policy.name
uuid
execution.id
)output_dir_final
output_dir_final
Please comment on the usefulness, and I'll try to do the implementation.
Extra information or context
No response
The text was updated successfully, but these errors were encountered: