aws.cloud-directory

Filters

• event

• finding

• list-item

• marked-for-op

• ops-item

• reduce

• value

Actions

• auto-tag-user

• copy-related-tag

• delete

• disable

• invoke-lambda

• invoke-sfn

• mark-for-op

• notify

• post-finding

• post-item

• put-metric

• remove-tag

• rename-tag

• tag

• webhook

delete

Delete a cloud directory.

policies:
  - name: delete-cloud-directory
    resource: aws.cloud-directory
    filters:
      - Name: test-cloud
    actions:
      - type: delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - clouddirectory:DeleteDirectory, clouddirectory:DisableDirectory

disable

Disable a cloud directory.

policies:
  - name: disable-cloud-directory
    resource: aws.cloud-directory
    filters:
      - Name: test-cloud
    actions:
      - type: disable

properties:
  type:
    enum:
    - disable
required:
- type

Permissions - clouddirectory:DisableDirectory

rename-tag

Rename an existing tag key to a new value.

example:

rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.

policies:
- name: rename-tags-example
  resource: aws.log-group
  filters:
    - or:
      - "tag:Bap": present
      - "tag:Application": present
  actions:
    - type: rename-tag
      old_keys: [Application, Bap]
      new_key: App

properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type

Permissions - tag:TagResources, tag:UntagResources