cloud-custodian / cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
https://cloudcustodian.io
Apache License 2.0

aws - elasticache support t2 snapshots #3334

Closed umitseremet closed 5 years ago

umitseremet commented 5 years ago

Hi,

When I want to create a snapshot for a t-type Redis via c7n, it cannot be created, while other types (r and m) can be created. Is there a special reason for that? I can create a manual snapshot for all types of Redis, but c7n can trigger snapshots only for "r" and "m" type Redis.

In the documentation (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups.html#backups-constraints) it says:

For Redis (cluster mode disabled) clusters, backup and restore are not supported on cache.t1.micro nodes. All other cache node types are supported.

But there is no negative definition for t2 types, and I tested a t2 type.

The test Redises are totally identical except for their types (t vs m):

1. redis-test-t-type -> cache.t2.micro -> can NOT be triggered via c7n
2. redis-test-m-type -> cache.m3.medium -> can be triggered via c7n

The result is snapshots just for the m-type one but not for the t-type one, although I have tested it several times:

backup-c7n-redistest-m-type-001-2019-01-10-09-31 | c7n-redistest-m-type-001 | manual | available | 4 MB |  
backup-c7n-redistest-m-type-002-2019-01-10-09-31 | c7n-redistest-m-type-002 | manual | available | 4 MB |  
backup-c7n-redistest-m-type-003-2019-01-10-09-31 | c7n-redistest-m-type-003 | manual | available | 4 MB |

Policy and Local-Run logs are below for my test Redises:

policy

policies:
  - name: elasticache-cluster-snapshot
    resource: cache-cluster
    filters:
      - type: value
        key: CacheClusterStatus
        op: not-in
        value: ["deleted","deleting","creating"]
    actions:
      - snapshot

custodian-run.log

2019-01-10 09:31:34,131 - custodian.policy - INFO - policy: elasticache-cluster-snapshot resource:cache-cluster region:us-east-1 count:6 time:2.40
2019-01-10 09:31:36,948 - custodian.policy - INFO - policy: elasticache-cluster-snapshot action: snapshotelasticachecluster resources: 6 execution_time: 2.80

update: omit json resource files

kapilt commented 5 years ago

It looks like the snapshot action does an implicit filter on instance type and is currently catching all t* instance types, instead of t1. It should be logging any implicit filtering (it's not, afaics), and it needs to be updated for the check on t2 instance types, per AWS's recent Nov 2018 addition of support for backup/restore/snapshot on t2.

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatsNew.html
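
A sketch of the implicit filter discussed in this thread, as an added example that is not Cloud Custodian's own code: it puts a check that drops every t* node type beside one that drops only cache.t1.*, and logs each cluster that is filtered out so a missing backup does not go unnoticed. The function names, logger name and sample resources are assumptions made for illustration.

```python
import logging

log = logging.getLogger("example.elasticache.snapshot")  # hypothetical logger name

# Per the AWS constraint quoted in the issue, only cache.t1.* lacks backup support.
UNSUPPORTED_PREFIXES = ("cache.t1.",)


def overbroad_eligible(cluster):
    """Behaviour described in the thread: every t* node type is dropped."""
    return not cluster["CacheNodeType"].startswith("cache.t")


def eligible(cluster):
    """Narrowed check: drop only the node types documented as unsupported."""
    return not cluster["CacheNodeType"].startswith(UNSUPPORTED_PREFIXES)


def split_for_snapshot(clusters, check=eligible):
    """Return (to_snapshot, skipped) and log every implicitly filtered cluster."""
    to_snapshot, skipped = [], []
    for cluster in clusters:
        if check(cluster):
            to_snapshot.append(cluster)
            continue
        skipped.append(cluster)
        log.warning("snapshot skipped for %s: node type %s is filtered out",
                    cluster["CacheClusterId"], cluster["CacheNodeType"])
    if skipped:
        log.info("snapshot: %d of %d clusters implicitly filtered",
                 len(skipped), len(clusters))
    return to_snapshot, skipped


# Constructed sample resources (not taken from the issue's run output).
SAMPLE = [
    {"CacheClusterId": "example-t2", "CacheNodeType": "cache.t2.micro"},
    {"CacheClusterId": "example-m3", "CacheNodeType": "cache.m3.medium"},
    {"CacheClusterId": "example-t1", "CacheNodeType": "cache.t1.micro"},
]


def ids(clusters):
    return [c["CacheClusterId"] for c in clusters]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for label, check in (("over-broad", overbroad_eligible), ("narrowed", eligible)):
        kept, dropped = split_for_snapshot(SAMPLE, check)
        print(label, "snapshot:", ids(kept), "skipped:", ids(dropped))
```
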