cloud-custodian: Set VPC Flow log error - "state" attribute
I am trying to design a policy to enable VPC flow logs for all VPC that does not have it enabled. The policy is:
policies:
- name: enable-vpc-flow-logs
resource: vpc
comments: |
Enables VPC flow logs
mode:
execution-options:
log_group: /aws/enable-vpc-flow-logs/resources
role: arn:aws:iam::{account_id}:role/CloudCustodianExecutionRole
type: periodic
schedule: "rate(2 minutes)"
filters:
- type: flow-logs
enabled: false
actions:
- type: set-flow-log
DeliverLogsPermissionArn: arn:aws:iam::${ACCOUNT}:role/role
LogGroupName: /custodian/vpc/flowlogs/
TrafficType: ALL
state: true
However i am getting the following error, not sure why even when i am passing the state information:
START RequestId: bd7b329c-d677-11e8-8925-01840da49e11 Version: $LATEST
[INFO] 2018-10-23T03:57:20.426Z bd7b329c-d677-11e8-8925-01840da49e11 Processing event
{
"account": "[sanitized]",
"region": "us-east-1",
"detail": {},
"detail-type": "Scheduled Event",
"source": "aws.events",
"version": "0",
"time": "2018-10-23T03:56:45Z",
"debug": true,
"id": "a83eb09d-de5e-2155-62ef-24490c335d43",
"resources": [
"arn:aws:events:us-east-1:8[sanitized]:rule/custodian-enable-vpc-flow-logs"
]
}
[DEBUG] 2018-10-23T03:57:20.427Z bd7b329c-d677-11e8-8925-01840da49e11 Storing output with <CloudWatchLogOutput to group:/aws/enable-vpc-flow-logs/resources stream:enable-vpc-flow-logs>
[DEBUG] 2018-10-23T03:57:20.899Z bd7b329c-d677-11e8-8925-01840da49e11 Running policy enable-vpc-flow-logs resource: vpc region:us-east-1 c7n:0.8.31.2
[DEBUG] 2018-10-23T03:57:21.312Z bd7b329c-d677-11e8-8925-01840da49e11 Filtered from 1 to 1 vpc
[INFO] 2018-10-23T03:57:21.312Z bd7b329c-d677-11e8-8925-01840da49e11 policy: enable-vpc-flow-logs resource:vpc region:us-east-1 count:1 time:0.25
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:ResourceCount Count:1 policy:enable-vpc-flow-logs restype:vpc scope:policy
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:PolicyException Count:1 policy:enable-vpc-flow-logs restype:vpc
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:ApiCalls Count:0 policy:enable-vpc-flow-logs restype:vpc
[ERROR] 2018-10-23T03:57:21.522Z bd7b329c-d677-11e8-8925-01840da49e11 Error while executing policy
Traceback (most recent call last):
File "/var/task/c7n/policy.py", line 273, in run
results = a.process(resources)
File "/var/task/c7n/resources/vpc.py", line 1810, in process
if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
'CreateFlowLogs' object has no attribute 'state': AttributeError
Traceback (most recent call last):
File "/var/task/custodian_policy.py", line 4, in run
return handler.dispatch_event(event, context)
File "/var/task/c7n/handler.py", line 91, in dispatch_event
p.push(event, context)
File "/var/task/c7n/policy.py", line 834, in push
return mode.run(event, lambda_ctx)
File "/var/task/c7n/policy.py", line 516, in run
return PullMode.run(self)
File "/var/task/c7n/policy.py", line 273, in run
results = a.process(resources)
File "/var/task/c7n/resources/vpc.py", line 1810, in process
if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
END RequestId: bd7b329c-d677-11e8-8925-01840da49e11
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 15 (3 by maintainers)
I think I see the issue, pr coming shortly