CLOUDCUSTODIAN

9 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: azure-c7n-codecollection


Count virtual machines that are publicly accessible, have high CPU usage, have underutilized memory, or are stopped, as well as unused network interfaces and unused public IPs, in Azure

Tasks:
  • Check for VMs With Public IP in resource group `${AZURE_RESOURCE_GROUP}` in Azure Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for VMs With High CPU Usage in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for Stopped VMs in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for Underutilized VMs Based on CPU Usage in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for VMs With High Memory Usage in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for Underutilized VMs Based on Memory Usage in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for Unused Network Interfaces in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Check for Unused Public IPs in resource group `${AZURE_RESOURCE_GROUP}` in Subscription `${AZURE_SUBSCRIPTION_NAME}`
  • Generate Health Score

8 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: azure-c7n-codecollection


List virtual machines that are publicly accessible, have high CPU usage, have underutilized memory, or are stopped, as well as unused network interfaces and unused public IPs, in Azure

Tasks:
  • List VMs With Public IP in resource group `AZURE_RESOURCE_GROUP` in Azure Subscription `AZURE_SUBSCRIPTION_NAME`
  • List for Stopped VMs in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List VMs With High CPU Usage in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List Underutilized VMs Based on CPU Usage in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List VMs With High Memory Usage in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List Underutilized VMs Based on Memory Usage in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List Unused Network Interfaces in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`
  • List Unused Public IPs in resource group `AZURE_RESOURCE_GROUP` in Subscription `AZURE_SUBSCRIPTION_NAME`

4 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Check AWS Monitoring Configuration Health

Tasks:
  • Check CloudWatch Log Groups Without Retention Period in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check if CloudTrail exists and is configured for multi-region in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Check CloudTrail Without CloudWatch Logs in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

3 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Check AWS Monitoring Configuration Health

Tasks:
  • List CloudWatch Log Groups Without Retention Period in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • Check CloudTrail Configuration in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • Check for CloudTrail integration with CloudWatch Logs in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

6 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Count AWS ACM certificates that are unused, expiring, expired, or in failed status.

Tasks:
  • Check for unused ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for Expiring ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for expired ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for Failed Status ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Check for Pending Validation ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

5 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


List AWS ACM certificates that are unused, expiring, expired, or in failed status.

Tasks:
  • List Unused ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Expiring ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Expired ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Failed Status ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Pending Validation ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

4 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Check AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.

Tasks:
  • Check for unencrypted RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for publicly accessible RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for disabled backup RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

3 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


List AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.

Tasks:
  • List Unencrypted RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Publicly Accessible RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List RDS Instances with Backups Disabled in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

4 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Count the number of EC2 instances that are stale or stopped

Tasks:
  • Check for stale AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for stopped AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for invalid AWS Auto Scaling Groups in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

3 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Check for EC2 instances that are stale or stopped

Tasks:
  • List stale AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List stopped AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List invalid AWS Auto Scaling Groups in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`

1 Troubleshooting Commands

Contributed by stewartshea

Codecollection: aws-c7n-codecollection


Counts the number of S3 buckets in an Account that are insecure or unhealthy.

Tasks:
  • Count S3 Buckets With Public Access in AWS Account `${AWS_ACCOUNT_NAME}`

1 Troubleshooting Commands

Contributed by stewartshea

Codecollection: aws-c7n-codecollection


Generates a report on S3 buckets in an Account that are insecure or unhealthy.

Tasks:
  • List S3 Buckets With Public Access in AWS Account `AWS_ACCOUNT_NAME`

4 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Counts the number of EBS resources by identifying unattached volumes, unused and aged snapshots, and unencrypted volumes.

Tasks:
  • Check Unattached EBS Volumes in `${AWS_REGION}`
  • Check Unencrypted EBS Volumes in `${AWS_REGION}`
  • Check Unused EBS Snapshots in `${AWS_REGION}`
  • Generate EBS Score

3 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Check for AWS EBS resources by identifying unattached volumes, unused snapshots, and unencrypted volumes.

Tasks:
  • List Unattached EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List Unencrypted EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List Unused EBS Snapshots in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`

5 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


Count publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled

Tasks:
  • Check for publicly accessible security groups in AWS account `${AWS_ACCOUNT_ID}`
  • Check for unused Elastic IPs in AWS account `${AWS_ACCOUNT_ID}`
  • Check for unused ELBs in AWS account `${AWS_ACCOUNT_ID}`
  • Check for VPCs with Flow Logs disabled in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

4 Troubleshooting Commands

Contributed by saurabh3460

Codecollection: aws-c7n-codecollection


List publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled

Tasks:
  • List Publicly Accessible Security Groups in AWS account `AWS_ACCOUNT_ID`
  • List unused Elastic IPs in AWS account `AWS_ACCOUNT_ID`
  • List unused ELBs in AWS account `AWS_ACCOUNT_ID`
  • List VPCs with Flow Logs Disabled in AWS account `AWS_ACCOUNT_ID`