aws.elastic-ip

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

shield-enabled

Base class with helper methods for dealing with ARNs of resources protected by Shield

properties:
  state:
    type: boolean
  type:
    enum:
    - shield-enabled
required:
- type

Permissions - shield:ListProtections

Actions

disassociate

Disassociate elastic IP addresses from resources without releasing them.

example:

policies:
  - name: disassociate-network-addr
    resource: network-addr
    filters:
      - AllocationId: ...
    actions:
      - type: disassociate
properties:
  type:
    enum:
    - disassociate
required:
- type

Permissions - ec2:DisassociateAddress

release

Action to release elastic IP address(es)

Use the force option to cause any attached elastic IPs to also be released. Otherwise, only unattached elastic IPs will be released.

example:

policies:
  - name: release-network-addr
    resource: network-addr
    filters:
      - AllocationId: ...
    actions:
      - type: release
        force: True
properties:
  force:
    type: boolean
  type:
    enum:
    - release
required:
- type

Permissions - ec2:ReleaseAddress, ec2:DisassociateAddress

set-shield

Enable shield protection on applicable resource.

setting sync parameter will also clear out stale shield protections for resources that no longer exist.

properties:
  state:
    type: boolean
  sync:
    type: boolean
  type:
    enum:
    - set-shield
required:
- type

Permissions - shield:CreateProtection, shield:ListProtections