aws.elastic-ip
Filters
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
shield-enabled
Base class with helper methods for dealing with ARNs of resources protected by Shield
properties:
  state:
    type: boolean
  type:
    enum:
    - shield-enabled
required:
- type
Permissions - shield:ListProtections
Actions
disassociate
Disassociate elastic IP addresses from resources without releasing them.
Example:
  policies:
    - name: disassociate-network-addr
      resource: network-addr
      filters:
        - AllocationId: ...
      actions:
        - type: disassociate
properties:
  type:
    enum:
    - disassociate
required:
- type
Permissions - ec2:DisassociateAddress
release
Action to release elastic IP address(es).
Use the force option to cause any attached elastic IPs to also be released. Otherwise, only unattached elastic IPs will be released.
Example:
  policies:
    - name: release-network-addr
      resource: network-addr
      filters:
        - AllocationId: ...
      actions:
        - type: release
          force: True
properties:
  force:
    type: boolean
  type:
    enum:
    - release
required:
- type
Permissions - ec2:ReleaseAddress, ec2:DisassociateAddress
set-shield
Enable Shield protection on the applicable resource.
Setting the sync parameter also clears out stale Shield protections for resources that no longer exist.
properties:
  state:
    type: boolean
  sync:
    type: boolean
  type:
    enum:
    - set-shield
required:
- type
Permissions - shield:CreateProtection, shield:ListProtections
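The json-diff and shield-enabled filters and the set-shield action have no example above, so the following policy file is an added illustration, not taken from the Custodian documentation. The policy names are constructed; every key and value comes from the schemas on this page.

```yaml
# Added example: policy names are constructed for illustration.
policies:
  # Report Elastic IPs whose current state differs from the previous
  # revision recorded in AWS Config.
  # Needs config:GetResourceConfigHistory.
  - name: elastic-ip-changed-since-previous
    resource: aws.elastic-ip
    filters:
      - type: json-diff
        selector: previous

  # Select Elastic IPs that Shield does not currently protect and
  # enable protection on them. sync: true also clears stale Shield
  # protections for resources that no longer exist.
  # Needs shield:ListProtections and shield:CreateProtection.
  - name: elastic-ip-enable-shield
    resource: aws.elastic-ip
    filters:
      - type: shield-enabled
        state: false
    actions:
      - type: set-shield
        state: true
        sync: true
```

The first policy has no actions, so it only reports matching addresses; running it before adding a disassociate or release action shows which addresses changed without touching them.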