You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our organization, Cruise, currently requires filtering resources based on the tags attached to them and further use these filtered resources to manage exemptions. I am currently working on adding this as a common filter for any service that supports tags using Cloud Asset Inventory to fetch resources. PR on the way!
Here is an example of a policy that filters based on tags :
policies:
- name : cloudsql-public-instances-with-tags
resource: gcp.sql-instance # Any resource that supports tags
filters:
- type: tags
scope: "organizations/123" # or folders/1234 or projects/12345
has: true
tagvalue: "123/resource_is_exempt_sql.restrictPublicIp/TRUE" # parentNamespace/tagKeyShortName/tagValueShortName
Extra information or context
No response
The text was updated successfully, but these errors were encountered:
do you mean gcp organization tags? that term is a little overloaded in custodian, since we also use it to reference gcp resource level labels. but a tag filter sounds good.
fwiw, cloud asset inventory is already supported in custodian, using the source: inventory configuration on a policy.
@kapilt can you show some examples for using the Cloud Asset Inventory in Custodian? I am interested to see if I can use it to filter resources with tags. Thanks!
Describe the feature
Our organization, Cruise, currently requires filtering resources based on the tags attached to them and further use these filtered resources to manage exemptions. I am currently working on adding this as a common filter for any service that supports tags using Cloud Asset Inventory to fetch resources. PR on the way!
Here is an example of a policy that filters based on tags :
Extra information or context
No response
The text was updated successfully, but these errors were encountered: