aws.dms-endpoint

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

Actions

delete

Delete a DMS endpoint

example:

policies:
  - name: dms-endpoint-no-ssl-delete
    resource: dms-endpoint
    filters:
      - EngineName: mariadb
      - SslMode: none
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - dms:DeleteEndpoint

modify-endpoint

Modify the attributes of a DMS endpoint

example:

policies:
  - name: dms-endpoint-modify
    resource: dms-endpoint
    filters:
      - EngineName: sqlserver
      - SslMode: none
    actions:
      - type: modify-endpoint
        SslMode: require

AWS ModifyEndpoint Documentation https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyEndpoint.html

properties:
  CertificateArn:
    type: string
  DatabaseName:
    type: string
  DynamoDbSettings:
    additionalProperties: false
    properties:
      ServiceAccessRoleArn:
        type: string
    required:
    - ServiceAccessRoleArn
    type: object
  EndpointIdentifier:
    type: string
  EngineName:
    enum:
    - mysql
    - oracle
    - postgres
    - mariadb
    - aurora
    - redshift
    - S3
    - sybase
    - dynamodb
    - mongodb
    - sqlserver
  ExtraConnectionAttributes:
    type: string
  MongoDbSettings:
    additionalProperties: false
    properties:
      AuthMechanism:
        enum:
        - default
        - mongodb_cr
        - scram_sha_1
        type: string
      AuthSource:
        type: string
      DatabaseName:
        type: string
      DocsToInvestigate:
        minimum: 1
        type: integer
      ExtractDocId:
        type: string
      NestingLevel:
        enum:
        - NONE
        - none
        - ONE
        - one
        type: string
      Password:
        type: string
      Port:
        maximum: 65535
        minimum: 1
        type: integer
      ServerName:
        type: string
      Username:
        type: string
    type: object
  Password:
    type: string
  Port:
    maximum: 65536
    minimum: 1
    type: integer
  S3Settings:
    additionalProperties: false
    properties:
      BucketFolder:
        type: string
      BucketName:
        type: string
      CompressionType:
        enum:
        - none
        - gzip
        type: string
      CsvDelimiter:
        type: string
      CsvRowDelimiter:
        type: string
      ExternalTableDefinition:
        type: string
      ServiceAccessRoleArn:
        type: string
    type: object
  ServerName:
    type: string
  SslMode:
    enum:
    - none
    - require
    - verify-ca
    - verify-full
    type: string
  Username:
    type: string
  type:
    enum:
    - modify-endpoint

Permissions - dms:ModifyEndpoint

rename-tag

Rename an existing tag key to a new value.

example:

rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.

policies:
- name: rename-tags-example
  resource: aws.log-group
  filters:
    - or:
      - "tag:Bap": present
      - "tag:Application": present
  actions:
    - type: rename-tag
      old_keys: [Application, Bap]
      new_key: App
properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type

Permissions - tag:TagResources, tag:UntagResources