Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties: selector: enum: - previous - date - locked selector_value: type: string type: enum: - json-diff required: - type
Permissions - config:GetResourceConfigHistory
Parent base class for filters and actions.
properties: state: type: boolean type: enum: - shield-enabled required: - type
Permissions - shield:ListProtections
Action to release elastic IP address(es)
Use the force option to cause any attached elastic IPs to also be released. Otherwise, only unattached elastic IPs will be released.
policies: - name: release-network-addr resource: network-addr filters: - AllocationId: ... actions: - type: release force: True
properties: force: type: boolean type: enum: - release required: - type
Permissions - ec2:ReleaseAddress, ec2:DisassociateAddress
Enable shield protection on applicable resource.
setting sync parameter will also clear out stale shield protections for resources that no longer exist.
properties: state: type: boolean sync: type: boolean type: enum: - set-shield required: - type
Permissions - shield:CreateProtection, shield:ListProtections