cost-control.yml

# these policies should be run in the region containing your resources

policies:

#==================
# EC2
#==================

# turn instances off during non-business hours
  - name: ec2-stop-instances-offhours
    resource: ec2
    mode:
      type: periodic
      role: arn:aws:iam::842337631775:role/custodian-cost-control
      schedule: "rate(15 minutes)"
    filters:
      - "tag:Custodian": present
      - type: offhour
        tag: offhours
        default_tz: pt
        offhour: 20
    actions:
      - stop

  - name: ec2-start-instances-onhours
    resource: ec2
    mode:
      type: periodic
      role: arn:aws:iam::842337631775:role/custodian-cost-control
      schedule: "rate(15 minutes)"
    filters:
      - "tag:Custodian": present
      - type: onhour
        tag: offhours
        default_tz: pt
        onhour: 8
    actions:
      - start

# scale instance types
  # note: generally, we recommend scaling instances out/in, using autoscaling groups, vs.
  #   scaling instances up/down (making a given instance larger or smaller). However, if
  #   you have folks who tend to over-provision instances, this can be helpful.
  - name: ec2-change-underutilized-instance-type
    resource: ec2
    mode:
      type: periodic
      role: arn:aws:iam::842337631775:role/custodian-cost-control
      schedule: "rate(1 day)"
      # default timeout of 60 seconds isn't long enough to resize
      timeout: 180
    filters:
      - "tag:Custodian": present
      - type: value
        key: "InstanceType"
        op: in
        value:
          - "m4.10xlarge"
          - "m4.4xlarge"
      - type: metrics
        name: CPUUtilization
        value: 30
        op: less-than
        days: 3
        period: 86400
    actions:
      - type: resize
        type-map:
          m4.10xlarge: m4.4xlarge
          m4.4xlarge: m4.2xlarge

# terminate old instances; useful for sandbox/dev accounts
  - name: ec2-terminate-old-instances
    resource: ec2
    mode:
      type: periodic
      role: arn:aws:iam::842337631775:role/custodian-cost-control
      schedule: "rate(1 day)"
    comment: |
      # Terminate all instances that are tagged Custodian, and older than 30 days
    filters:
      - "tag:Custodian": present
      - type: instance-age
        days: 30
    actions:
      - terminate
      - type: notify
        template: default
        subject: 'Old EC2 instance terminated'
        to:
          - arn:aws:sns:us-west-2:842337631775:cloud-custodian-mailer
        transport:
          type: sqs
          queue: https://sqs.us-west-2.amazonaws.com/842337631775/cloud-custodian-mailer

# delete unattached EBS volumes; useful for sandbox/dev accounts
  - name: ebs-delete-unattached-volumes
    resource: ebs
    mode:
      type: periodic
      role: arn:aws:iam::842337631775:role/custodian-cost-control
      schedule: "rate(1 day)"
    filters:
      - "tag:Custodian": present
      - Attachments: []
    actions:
      - delete