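# yaml-language-server: $schema=revolver-config-schema.json
---
# Example Revolver configuration. Indentation is significant: everything under `defaults`
# is applied to each account unless that account (or its organization) specifies something
# different in its own `settings` block.
defaults:
  settings:
    region: ap-southeast-2
    timezone: Australia/Melbourne
    # Read this tag to see if there is a specific timezone to use for this resource.
    timezoneTag: Timezone
    # Role used to query the Organizations API to retrieve organizational accounts.
    # Set to 'none' to skip role assumption.
    organizationRoleName: AWSOrganizationsReadOnly
    # Role used to perform resource queries and actions. Set to 'none' to skip role assumption.
    # It is assumed for each account Revolver processes; keep its permissions scoped to the
    # query/start/stop actions the enabled drivers actually need.
    revolverRoleName: ssPowerCycle
    # Log out resources discovered by Revolver into several optional formats.
    resourceLog:
      json:
        # Note the JSON format includes all possible data available for the resource.
        file: "resources.json"
        # Optional S3 configuration to write the resources file to.
        s3:
          bucket: revolver-bucket
          region: ap-southeast-2
          path: output/resources.json
      csv:
        file: "resources.csv"
        # reportTags specifies which resource tags should also be logged out.
        reportTags: ["Name", "Schedule"]
      console:
        reportTags: ["Name", "Schedule"]
      html:
        file: report-resource.html
    # Read resources from a JSON file generated by resourceLog.json instead of querying the cloud API.
    # Meant for local testing when developing schedules and filters.
    localResourcesFile: local-resources.json
    # Read the list of organization accounts from a JSON file generated by localOrgAccountsWriteFile.
    # Meant for local testing when developing schedules and filters.
    # localOrgAccountsFile: org-accounts.json
    # Write the list of organization accounts to this file.
    # Meant for local testing when developing schedules and filters.
    # localOrgAccountsWriteFile: org-accounts.json
    # Log out actions performed by Revolver into several optional formats.
    auditLog:
      # NOTE(review): a bare key parses as null, not as an empty mapping. Confirm the loader
      # treats null as "enabled with defaults" for console/json, otherwise write `{}`.
      console:
      csv:
        file: "audit.csv"
        # If set, append audit log results to the file instead of re-writing it.
        append: true
      html:
        file: report-audit.html
      json:
      # Option to write output to an SQS queue.
      sqs:
        # Example queue URL; replace with the queue that should receive audit records.
        url: "https://sqs.ap-southeast-2.amazonaws.com/123456789012/sqs-queue"
        # Compress messages before sending to the queue; defaults to true.
        compress: true
        # attributes can be any key/value string pairs and are submitted as message attributes
        # for each SQS message.
        attributes:
          costCenter: "1234"
          recordId: "0000001"
      # Option to write output to an SNS topic.
      sns:
        # Placeholder; replace with the ARN of the topic that should receive audit records.
        url: arn:xxx
        # Compress messages before publishing to the topic; defaults to true.
        compress: true
        # attributes can be any key/value string pairs and are submitted as message attributes
        # for each SNS message.
        attributes:
          costCenter: "1234"
          recordId: "0000001"
    # Exclude resources from Revolver processing if they match the filter specified here.
    excludeResources:
      - tag:
          name: "Schedule"
          contains: "ignore"
      - region: "us-east-1"
  drivers:
    - name: ec2
      # Convenience option to disable the driver without removing the configuration.
      active: true
      # Set this driver to not actually perform API actions and just log out what would have been done.
      # Useful with auditLog and localResourcesFile for complete local testing, and as a first run
      # against a new account so the audit log can be reviewed before real actions are taken.
      pretend: false
    - name: ebs
    - name: snapshot
    - name: rdsInstance
    - name: rdsCluster
  plugins:
    # Plugin to control resource power-cycling without needing to tag resources.
    powercycleCentral:
      active: true
      configs:
        # Parser used to interpret 'schedule' fields.
        - parser: strict
          # Look for this tag on resources to see if they have an explicit schedule set.
          availabilityTag: Schedule
          # List of "shorthand" schedules that can be referenced in the matchers.
          predefinedSchedules:
            BusinessHours: 'Start=08:00|mon-fri;Stop=18:00|mon-fri'
            EarlyStartBusinessHours: 'Start=05:00|mon-fri;Stop=18:00|mon-fri'
          # Treat the tagged schedule as this priority when determining which schedule to use
          # alongside the matchers.
          availabilityTagPriority: 5
          # List of filter<>schedule pairs to apply schedules to resources matching particular filters.
          matchers:
            # name is used for audit logging and as a human-readable description.
            - name: Start fairly important VMs a bit early
              filter:
                - tag: 'Importance|fairly'
                - type: ec2
              schedule: EarlyStartBusinessHours
              priority: 5
            - name: default tagged schedule
              filter:
                - tag: ["CostCentre||equals|1234", "CostCentre|4567"]
                - type: ec2
                - resource: "Placement.AvailabilityZone||contains|ap-southeast"
              schedule: 24x7
              # The highest-numbered priority schedule is applied if multiple matchers touch the same resource.
              priority: 1
            - name: no large instances
              filter:
                or:
                  - resource:
                      path: "InstanceType"
                      regexp: "\\.\\d{0,2}x?large"
                  - resource:
                      path: "InstanceType"
                      regexp: "\\.metal\\-\\d{1,2}xl"
              # Quoted on purpose: an unquoted 0x7 would be read as the hexadecimal integer 7.
              schedule: "0x7"
              priority: 20
            - name: within australia
              filter:
                resource:
                  path: "Placement.AvailabilityZone | contains(@, 'ap-southeast')"
                  equals: 'true'
              schedule: 24x5
              priority: 10
    # Plugin to power-cycle resources based on a tag set on each resource, typically by the validateTags plugin.
    powercycle:
      active: true
      configs:
        - tagging: strict
          availabilityTag: Schedule
    # Plugin to verify that tags are set on all resources and optionally set missing tags to a default value.
    validateTags:
      active: true
      configs:
        - tag: Name
          tagMissing:
            - copyFromParent
          onlyResourceTypes:
            - ebs
            - snapshot
          tagNotMatch: []
        - tag: Name
          tagMissing:
            - warn
          onlyResourceTypes:
            - ec2
          tagNotMatch: []
        - tag: Schedule
          tagMissing:
            - setDefault: 24x7
          onlyResourceTypes:
            - ec2
            - rdsInstance
            - rdsCluster
          tagNotMatch: []
# List of organizational accounts, used to discover the full account list.
organizations:
  - accountId: "000000000000"
    # Optional regular expression to filter organization accounts.
    accountNameRegex: "-nonprod$"
    settings:
      # All settings from the 'defaults' section can be specified here to make them specific
      # to all of an organization's accounts.
      region: ap-southeast-2
      # Human name reference for the account, no relation to cloud-specific account names.
      name: eh-global-apse2
  - accountId: "111111111111"
    settings:
      region: eu-west-1
      name: eh-global-euw1
accounts:
  # List of explicit accounts to apply Revolver over.
  includeList:
    - accountId: "222222222222"
      # All settings from the 'defaults' section can be specified here to make them specific to an account.
      settings:
        name: whatdev
        revolverRoleName: powerCycleRole
  # List of accounts to exclude from processing; also excludes accounts discovered in the
  # organization if the IDs match.
  excludeList:
    - accountId: "333333333333"
      settings:
        name: whatprod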