aws.dms-endpoint
Filters
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
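The following policy is an added example, not taken from the Cloud Custodian documentation. It combines json-diff with the SslMode value filter used elsewhere on this page to catch endpoints that changed since their previous revision and now have SSL disabled, then applies the modify-endpoint action. The policy name is hypothetical, and the policy assumes AWS Config holds revision history for the endpoints.

```yaml
policies:
  - name: dms-endpoint-changed-without-ssl   # hypothetical policy name
    resource: aws.dms-endpoint
    filters:
      # Match only endpoints whose current state differs from the
      # previous revision stored in AWS Config.
      - type: json-diff
        selector: previous
      # Of those, keep the endpoints that currently have SSL disabled.
      - SslMode: none
    actions:
      # Same remediation as the modify-endpoint example on this page.
      - type: modify-endpoint
        SslMode: require
```

Because filters in a list are ANDed, an endpoint that has always had SslMode none and has not changed is not matched here; a policy with only the SslMode filter covers that case.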
Actions
delete
Delete a DMS endpoint
Example:

    policies:
      - name: dms-endpoint-no-ssl-delete
        resource: dms-endpoint
        filters:
          - EngineName: mariadb
          - SslMode: none
        actions:
          - delete

properties:
  type:
    enum:
    - delete
required:
- type
Permissions - dms:DeleteEndpoint
modify-endpoint
Modify the attributes of a DMS endpoint
Example:

    policies:
      - name: dms-endpoint-modify
        resource: dms-endpoint
        filters:
          - EngineName: sqlserver
          - SslMode: none
        actions:
          - type: modify-endpoint
            SslMode: require

AWS ModifyEndpoint Documentation https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyEndpoint.html
properties:
  CertificateArn:
    type: string
  DatabaseName:
    type: string
  DynamoDbSettings:
    additionalProperties: false
    properties:
      ServiceAccessRoleArn:
        type: string
    required:
    - ServiceAccessRoleArn
    type: object
  EndpointIdentifier:
    type: string
  EngineName:
    enum:
    - mysql
    - oracle
    - postgres
    - mariadb
    - aurora
    - redshift
    - S3
    - sybase
    - dynamodb
    - mongodb
    - sqlserver
  ExtraConnectionAttributes:
    type: string
  MongoDbSettings:
    additionalProperties: false
    properties:
      AuthMechanism:
        enum:
        - default
        - mongodb_cr
        - scram_sha_1
        type: string
      AuthSource:
        type: string
      DatabaseName:
        type: string
      DocsToInvestigate:
        minimum: 1
        type: integer
      ExtractDocId:
        type: string
      NestingLevel:
        enum:
        - NONE
        - none
        - ONE
        - one
        type: string
      Password:
        type: string
      Port:
        maximum: 65535
        minimum: 1
        type: integer
      ServerName:
        type: string
      Username:
        type: string
    type: object
  Password:
    type: string
  Port:
    maximum: 65536
    minimum: 1
    type: integer
  S3Settings:
    additionalProperties: false
    properties:
      BucketFolder:
        type: string
      BucketName:
        type: string
      CompressionType:
        enum:
        - none
        - gzip
        type: string
      CsvDelimiter:
        type: string
      CsvRowDelimiter:
        type: string
      ExternalTableDefinition:
        type: string
      ServiceAccessRoleArn:
        type: string
    type: object
  ServerName:
    type: string
  SslMode:
    enum:
    - none
    - require
    - verify-ca
    - verify-full
    type: string
  Username:
    type: string
  type:
    enum:
    - modify-endpoint
Permissions - dms:ModifyEndpoint
rename-tag
Rename an existing tag key to a new value.
Example:

Rename Application and Bap to App. If a resource has both of the old keys, the value of Application is used, because precedence follows the order of the values in old_keys.

    policies:
      - name: rename-tags-example
        resource: aws.log-group
        filters:
          - or:
            - "tag:Bap": present
            - "tag:Application": present
        actions:
          - type: rename-tag
            old_keys: [Application, Bap]
            new_key: App

properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type
Permissions - tag:TagResources, tag:UntagResources