aws.acm-certificate
Filters
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, or against a locked version (requires use of the is-locked filter).
properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
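
A policy file using this filter, as an added example that is not part of the original documentation. The policy names and the date are constructed; the filter keys come from the schema above, and `selector_value` is assumed to accept a date string when `selector: date` is used.

```yaml
policies:
  # Report certificates whose current configuration differs from the
  # previous revision recorded in AWS Config.
  - name: acm-certificate-changed-since-previous   # hypothetical name
    resource: aws.acm-certificate
    filters:
      - type: json-diff
        selector: previous

  # Report certificates that differ from the revision AWS Config held
  # at a given point in time.
  - name: acm-certificate-changed-since-date       # hypothetical name
    resource: aws.acm-certificate
    filters:
      - type: json-diff
        selector: date
        selector_value: "2024-01-01"               # constructed sample date
```

Neither policy has an action, so a run only lists the matching certificates. Both require AWS Config to be recording the certificates, and the executing role needs config:GetResourceConfigHistory.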
Actions
delete
Action to delete an ACM certificate. To avoid unwanted deletions of certificates, it is recommended to apply a filter to the rule.

Example:
policies:
  - name: acm-certificate-delete-expired
    resource: acm-certificate
    filters:
      - type: value
        key: NotAfter
        value_type: expiration
        op: lt
        value: 0
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type
Permissions - acm:DeleteCertificate