aws.cfn

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Actions

delete

Action to delete cloudformation stacks

It is recommended to use a filter to avoid unwanted deletion of stacks

example

policies:
  - name: cloudformation-delete-failed-stacks
    resource: cfn
    filters:
      - StackStatus: ROLLBACK_COMPLETE
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type

set-protection

Action to disable termination protection

It is recommended to use a filter to avoid unwanted deletion of stacks

example

policies:
  - name: cloudformation-disable-protection
    resource: cfn
    filters:
      - StackStatus: CREATE_COMPLETE
    actions:
      - type: set-protection
        state: False
properties:
  state:
    default: false
    type: boolean
  type:
    enum:
    - set-protection
required:
- type