aws.acm-certificate

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

Actions

delete

Action to delete an ACM Certificate To avoid unwanted deletions of certificates, it is recommended to apply a filter to the rule :example:

policies:
  - name: acm-certificate-delete-expired
    resource: acm-certificate
    filters:
      - type: value
        key: NotAfter
        value_type: expiration
        op: lt
        value: 0
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - acm:DeleteCertificate