aws.ecs-task-definition

Filters

• config-compliance

• event

• finding

• json-diff

• list-item

• marked-for-op

• ops-item

• reduce

• value

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

Actions

• auto-tag-user

• copy-related-tag

• delete

• invoke-lambda

• invoke-sfn

• mark-for-op

• notify

• post-finding

• post-item

• put-metric

• remove-tag

• tag

• webhook

delete

Delete/DeRegister a task definition.

The definition will be marked as InActive. Currently running services and task can still reference, new services & tasks can’t.

force is False by default. When given as True, the task definition will be permanently deleted.

policies:
  - name: deregister-task-definition
    resource: ecs-task-definition
    filters:
      - family: test-task-def
    actions:
      - type: delete

  - name: delete-task-definition
    resource: ecs-task-definition
    filters:
      - family: test-task-def
    actions:
      - type: delete
        force: True

properties:
  force:
    type: boolean
  type:
    enum:
    - delete
required:
- type

Permissions - ecs:DeregisterTaskDefinition, ecs:DeleteTaskDefinitions