Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties: selector: enum: - previous - date - locked selector_value: type: string type: enum: - json-diff required: - type
Permissions - config:GetResourceConfigHistory
Action to delete an ACM Certificate To avoid unwanted deletions of certificates, it is recommended to apply a filter to the rule :example:
policies: - name: acm-certificate-delete-expired resource: acm-certificate filters: - type: value key: NotAfter value_type: expiration op: lt value: 0 actions: - delete
properties: type: enum: - delete required: - type
Permissions - acm:DeleteCertificate