aws.event-rule
Filters
event-rule-target
Filter event rules by their targets
- example:
policies:
  - name: find-event-rules-with-no-targets
    resource: aws.event-rule
    filters:
      - type: event-rule-target
        key: "@"
        value: empty
  - name: find-event-rules-by-target-properties
    resource: aws.event-rule
    filters:
      - type: event-rule-target
        key: "[].Arn"
        op: contains
        value: "arn:aws:sqs:us-east-2:111111111111:my-queue"
properties:
  default:
    type: object
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
    - mod
  type:
    enum:
    - event-rule-target
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      query:
        type: string
      url:
        type: string
    required:
    - url
    type: object
  value_path:
    type: string
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
    - float
required:
- type
Permissions - events:ListTargetsByRule
invalid-targets
Filter event rules for invalid targets. Use the all option to find event rules whose targets are all invalid; otherwise the filter defaults to matching any event rule with at least one invalid target.
- example:
policies:
  - name: find-event-rules-with-invalid-targets
    resource: aws.event-rule
    filters:
      - type: invalid-targets
        all: true  # defaults to false
properties:
  all:
    default: false
    type: boolean
  type:
    enum:
    - invalid-targets
required:
- type
Permissions - events:ListTargetsByRule
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
Actions
delete
Delete an event rule. Use the force option to force removal of the rule's targets.
- example:
policies:
  - name: force-delete-rules
    resource: aws.event-rule
    filters:
      - Name: my-event-rule
    actions:
      - type: delete
        force: true
properties:
  force:
    type: boolean
  type:
    enum:
    - delete
required:
- type
Permissions - events:DeleteRule, events:RemoveTargets, events:ListTargetsByRule
rename-tag
Rename an existing tag key to a new value.
- example:
Rename Application and Bap to App. If a resource has both of the old keys, then we’ll use the value specified by Application, which is based on the order of values of old_keys.
policies:
  - name: rename-tags-example
    resource: aws.log-group
    filters:
      - or:
        - "tag:Bap": present
        - "tag:Application": present
    actions:
      - type: rename-tag
        old_keys: [Application, Bap]
        new_key: App
properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type
Permissions - tag:TagResources, tag:UntagResources
set-rule-state
This action enables or disables a rule.
- example:
policies:
  - name: test-rule
    resource: aws.event-rule
    filters:
      - Name: my-event-rule
    actions:
      - type: set-rule-state
        enabled: true
properties:
  enabled:
    default: true
    type: boolean
  type:
    enum:
    - set-rule-state
required:
- type
Permissions - events:EnableRule, events:DisableRule
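The filters and actions above combined into one policy file, as an added example that is not taken from the Cloud Custodian documentation; the policy names are made up for illustration. It reports rules with at least one invalid target, and disables rather than deletes rules whose targets are all invalid or that have no targets.

```yaml
policies:
  # Report only: no actions, so matching rules are just recorded in the policy output.
  # Default mode (all: false) matches a rule with at least one invalid target.
  - name: report-event-rules-with-any-invalid-target   # hypothetical name
    resource: aws.event-rule
    filters:
      - type: invalid-targets

  # Every target is invalid: disable the rule instead of deleting it,
  # so it can be turned back on with enabled: true once its targets are fixed.
  - name: disable-event-rules-with-only-invalid-targets   # hypothetical name
    resource: aws.event-rule
    filters:
      - type: invalid-targets
        all: true
    actions:
      - type: set-rule-state
        enabled: false

  # Rules with no targets at all are matched explicitly with event-rule-target.
  - name: disable-event-rules-with-no-targets   # hypothetical name
    resource: aws.event-rule
    filters:
      - type: event-rule-target
        key: "@"
        value: empty
    actions:
      - type: set-rule-state
        enabled: false
```

Per the Permissions lines above, the report policy needs events:ListTargetsByRule, and the two disabling policies also need the set-rule-state permissions.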