jtroberts83 · March 19, 2019 16:38
diff --git a/ec2-subnet-examples b/ec2-subnet-examples
 policies:

 - name: ec2-subnet-terminate-realtime
  resource: ec2
  mode:
      type: cloudtrail
      events:
        - RunInstances
  description: |
      Triggered on new EC2 instances that are created and if the
      subnet it is launched in is listed in s3 csv then terminate it.
  filters:
      - type: value
        key: SubnetId
        op: in
        value_from:
             url: s3://your-s3-bucket-here/file-of-subnets.csv
             format: csv2dict
  actions:
      - type: terminate
        force: true
      - type: notify
        template: default.html
        priority_header: 1
        subject: "EC2 - Server Terminated Due To Chosen Subnet - [custodian {{ account }} - {{ region }}]"
        violation_desc: "Your sever was launched in a subnet that is low on IP addresses and has been terminated"
        action_desc: |
          "Actions Taken:  The EC2 instance has been Terminated.  A new instance will need to be launched in a different subnet to replace this if needed."
        to:
          - [email protected]
          - event-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXX/cloud-custodian-mailer
          region: us-east-1



 - name: ec2-subnet-terminate-poll
  resource: ec2
  description: |
      Finds existing EC2 instances that are present in subnets listed in s3 csv that have been launched in last 24 hours and terminate them.
  filters:
      - type: value
        key: SubnetId
        op: in
        value_from:
             url: s3://your-s3-bucket-here/file-of-subnets.csv
             format: csv2dict
      - type: instance-age
        op: less-than
        hours: 24
  actions:
      - type: terminate
        force: true
      - type: notify
        template: default.html
        priority_header: 1
        subject: "EC2 - Server Terminated Due To Chosen Subnet - [custodian {{ account }} - {{ region }}]"
        violation_desc: "Your sever was launched in a subnet that is low on IP addresses and has been terminated"
        action_desc: |
          "Actions Taken:  The EC2 instance has been Terminated.  A new instance will need to be launched in a different subnet to replace this if needed."
        to:
          - [email protected]
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXXX/cloud-custodian-mailer
          region: us-east-1
	policies:

	- name: ec2-subnet-terminate-realtime
	resource: ec2
	mode:
	type: cloudtrail
	events:
	- RunInstances
	description: \|
	Triggered on new EC2 instances that are created and if the
	subnet it is launched in is listed in s3 csv then terminate it.
	filters:
	- type: value
	key: SubnetId
	op: in
	value_from:
	url: s3://your-s3-bucket-here/file-of-subnets.csv
	format: csv2dict
	actions:
	- type: terminate
	force: true
	- type: notify
	template: default.html
	priority_header: 1
	subject: "EC2 - Server Terminated Due To Chosen Subnet - [custodian {{ account }} - {{ region }}]"
	violation_desc: "Your sever was launched in a subnet that is low on IP addresses and has been terminated"
	action_desc: \|
	"Actions Taken: The EC2 instance has been Terminated. A new instance will need to be launched in a different subnet to replace this if needed."
	to:
	- [email protected]
	- event-owner
	transport:
	type: sqs
	queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXX/cloud-custodian-mailer
	region: us-east-1



	- name: ec2-subnet-terminate-poll
	resource: ec2
	description: \|
	Finds existing EC2 instances that are present in subnets listed in s3 csv that have been launched in last 24 hours and terminate them.
	filters:
	- type: value
	key: SubnetId
	op: in
	value_from:
	url: s3://your-s3-bucket-here/file-of-subnets.csv
	format: csv2dict
	- type: instance-age
	op: less-than
	hours: 24
	actions:
	- type: terminate
	force: true
	- type: notify
	template: default.html
	priority_header: 1
	subject: "EC2 - Server Terminated Due To Chosen Subnet - [custodian {{ account }} - {{ region }}]"
	violation_desc: "Your sever was launched in a subnet that is low on IP addresses and has been terminated"
	action_desc: \|
	"Actions Taken: The EC2 instance has been Terminated. A new instance will need to be launched in a different subnet to replace this if needed."
	to:
	- [email protected]
	- resource-owner
	transport:
	type: sqs
	queue: https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXXX/cloud-custodian-mailer
	region: us-east-1