standard
turbot/aws_thrifty
- Detect & correct DynamoDB table with stale data
- Detect & correct EBS snapshots exceeding max age
- Detect & correct EBS volumes attached to stopped instances
- Detect & correct EBS volumes exceeding max size
- Detect & correct EBS volumes if unattached
- Detect & correct EBS volumes using gp2
- Detect & correct EBS volumes using io1
- Detect & correct EBS volumes with low IOPS
- Detect & correct EBS volumes with low usage
- Detect & correct EC2 application load balancers if unused
- Detect & correct EC2 classic load balancers if unused
- Detect & correct EC2 gateway load balancers if unused
- Detect & correct EC2 instances exceeding max age
- Detect & correct EC2 instances large
- Detect & correct EC2 instances of older generation
- Detect & correct EC2 instances without graviton
- Detect & correct EC2 network load balancers if unused
- Detect & correct EKS node groups without graviton
- Detect & correct Elasticache clusters exceeding max age
- Detect & correct EMR Clusters idle 30 mins
- Detect & correct Lambda functions without graviton
- Detect & correct RDS DB instances exceeding max age
- Detect & correct RDS DB instances of older generation
- Detect & correct RDS DB instances with low connection count
- Detect & correct RDS DB instances without graviton processor
- Detect & correct Route53 health checks if unused
- Detect & correct Route53 records with lower TTL
- Detect & correct S3 buckets without lifecycle policy
- Detect & correct SecretsManager secrets if unused
- Detect & correct VPC EIPs if unattached
- Detect & correct VPC NAT gateways if unused
Get Involved
Version
Overview
S3 Buckets without a lifecycle policy will not move objects between storage layers or expire objects, causing them to remain in their initial tier perpetually, this is inefficient and can be costly.
This query trigger detects S3 buckets which do not have a lifecycle policy attached and then either sends a notification or attempts to perform a predefined corrective action.
Getting Started
By default, this trigger is disabled, however it can be configured by setting the below variables
s3_buckets_without_lifecycle_policy_trigger_enabled
should be set totrue
as the default isfalse
.s3_buckets_without_lifecycle_policy_trigger_schedule
should be set to your desired running schedules3_buckets_without_lifecycle_policy_default_action
should be set to your desired action (i.e."notify"
for notifications or"apply_lifecycle_configuration"
to apply the policy).s3_buckets_without_lifecycle_policy_default_lifecycle_configuration
should be set to your desired lifecycle configuration ifs3_buckets_without_lifecycle_policy_default_action
is set to"apply_lifecycle_configuration"
.
Then starting the server:
flowpipe server
or if you've set the variables in a .fpvars
file:
flowpipe server --var-file=/path/to/your.fpvars
Query
select concat(name, ' [', account_id, ']') as title, name, region, sp_connection_name as connfrom aws_s3_bucketwhere lifecycle_rules is null;
Schedule
15m
Tags
category = Cost
class = managed
plugin = aws
service = AWS/S3