aws.efs

Filters

• config-compliance

• event

• finding

• health-event

• kms-key

• lifecycle-policy

• marked-for-op

• metrics

• ops-item

• reduce

• tag-count

• value

kms-key

Filter a resource by its associcated kms key and optionally the aliasname of the kms key by using ‘c7n:AliasName’

example

policies:
    - name: efs-kms-key-filters
      resource: efs
      filters:
        - type: kms-key
          key: c7n:AliasName
          value: "^(alias/aws/)"
          op: regex

properties:
  default:
    type: object
  key:
    type: string
  match-resource:
    type: boolean
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  operator:
    enum:
    - and
    - or
  type:
    enum:
    - kms-key
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
required:
- type

Permissions - kms:ListKeys, kms:DescribeKey

lifecycle-policy

Filters efs based on the state of lifecycle policies

example

policies:
  - name: efs-filter-lifecycle
    resource: efs
    filters:
      - type: lifecycle-policy
        state: present
        value: AFTER_7_DAYS

properties:
  state:
    enum:
    - present
    - absent
  type:
    enum:
    - lifecycle-policy
  value:
    type: string
required:
- state
- type

Permissions - elasticfilesystem:DescribeLifecycleConfiguration

Actions

• auto-tag-user

• configure-lifecycle-policy

• copy-related-tag

• delete

• invoke-lambda

• invoke-sfn

• mark-for-op

• notify

• post-finding

• post-item

• put-metric

• remove-tag

• tag

• webhook

configure-lifecycle-policy

Enable/disable lifecycle policy for efs.

example

policies:
  - name: efs-apply-lifecycle
    resource: efs
    actions:
      - type: configure-lifecycle-policy
        state: enable
        rules:
          - 'TransitionToIA': 'AFTER_7_DAYS'

properties:
  rules:
    items:
      type: object
    type: array
  state:
    enum:
    - enable
    - disable
  type:
    enum:
    - configure-lifecycle-policy
required:
- state
- type

Permissions - elasticfilesystem:PutLifecycleConfiguration

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - elasticfilesystem:DescribeMountTargets, elasticfilesystem:DeleteMountTarget, elasticfilesystem:DeleteFileSystem