Source: cloud-custodian/cloud-custodian
Original Issue ID: 9704
Describe the feature
I am always frustrated when I have an ebs volume that is constantly auto attaching and unattaching from an EC2. The custodian policy will mark and unmark it for deletion. I'd like to exclude this ebs but there isn't a way of identifying these ebs volumes that are constantly marked and unmarked.
It would be nice if I could count the number of times a custodian policy has completed an action on a specific resource.
A simple way to do this would be to "tag" the resource with a number and then increment it over time. Then I could search for all the resources (ebs volumes in this case) that contain a tag value of greater than 5 and then investigated further and/or exclude from deletion.
Extra information or context
Slack thread https://cloud-custodian.slack.com/archives/CAL4P6YE6/p1725375454743359
Is there a way to access the existing tag data of a resource within an action?
If so, we could maybe implement a custom jmespath add function like they did in kyverno. The jmespath
https://kyverno.io/docs/writing-policies/jmespath/#custom-filters
The jmespath org technically approved jep16
jmespath-community/jmespath.spec#25 (comment)
jmespath/jmespath.jep#24
But it hasn't been implemented yet into the upstream python jmespath package
jmespath/jmespath.py#294
Other blockers
Source: cloud-custodian/cloud-custodian
Original Issue ID: 9704
Describe the feature
I am always frustrated when I have an ebs volume that is constantly auto attaching and unattaching from an EC2. The custodian policy will mark and unmark it for deletion. I'd like to exclude this ebs but there isn't a way of identifying these ebs volumes that are constantly marked and unmarked.
It would be nice if I could count the number of times a custodian policy has completed an action on a specific resource.
A simple way to do this would be to "tag" the resource with a number and then increment it over time. Then I could search for all the resources (ebs volumes in this case) that contain a tag value of greater than 5 and then investigated further and/or exclude from deletion.
Extra information or context
Slack thread https://cloud-custodian.slack.com/archives/CAL4P6YE6/p1725375454743359
Is there a way to access the existing tag data of a resource within an action?
If so, we could maybe implement a custom jmespath add function like they did in kyverno. The jmespath
https://kyverno.io/docs/writing-policies/jmespath/#custom-filters
The jmespath org technically approved jep16
jmespath-community/jmespath.spec#25 (comment)
jmespath/jmespath.jep#24
But it hasn't been implemented yet into the upstream python jmespath package
jmespath/jmespath.py#294
Other blockers