aws.catalog-portfolio

Filters

cross-account

Check for account ids that the service catalog portfolio is shared with

example

policies:
  - name: catalog-portfolio-cross-account
    resource: aws.catalog-portfolio
    filters:
      - type: cross-account
properties:
  type:
    enum:
    - cross-account
  whitelist:
    items:
      type: string
    type: array
  whitelist_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
required:
- type

Permissions - servicecatalog:ListPortfolioAccess

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

Actions

delete

Action to delete a Service Catalog Portfolio

example

policies:
  - name: service-catalog-portfolio-delete
    resource: aws.catalog-portfolio
    filters:
      - type: cross-account
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - servicecatalog:DeletePortfolio

remove-shared-accounts

Action to delete Portfolio share with other accounts

example

policies:
  - name: catalog-portfolio-delete-share
    resource: aws.catalog-portfolio
    filters:
      - type: cross-account
    actions:
      - type: remove-shared-accounts
        accounts: matched

  - name: catalog-portfolio-delete-shared-account
    resource: aws.catalog-portfolio
    filters:
      - type: cross-account
    actions:
      - type: remove-shared-accounts
        accounts: ['123456789123']
properties:
  accounts:
    oneOf:
    - enum:
      - matched
    - items:
        pattern: ^[0-9]{12}$
        type: string
      type: array
  type:
    enum:
    - remove-shared-accounts
required:
- accounts
- type

Permissions - servicecatalog:DeletePortfolioShare