aws.glacier

Filters

cross-account

Filter to return all glacier vaults with cross account access permissions

The whitelist parameter will omit the accounts that match from the return

example:
properties:
  actions:
    items:
      type: string
    type: array
  everyone_only:
    type: boolean
  type:
    enum:
    - cross-account
  whitelist:
    items:
      type: string
    type: array
  whitelist_conditions:
    items:
      type: string
    type: array
  whitelist_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  whitelist_orgids:
    items:
      type: string
    type: array
  whitelist_orgids_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  whitelist_vpc:
    items:
      type: string
    type: array
  whitelist_vpc_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  whitelist_vpce:
    items:
      type: string
    type: array
  whitelist_vpce_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
required:
- type

Permissions - glacier:GetVaultAccessPolicy

Actions

delete

Action to delete glacier vaults

example:

policies:
  - name: glacier-vault-delete
    resource: aws.glacier
    filters:
      - type: cross-account
    actions:
      - type: delete
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - glacier:DeleteVault

remove-statements

Action to remove policy statements from Glacier

example:

policies:
  - name: glacier-cross-account
    resource: glacier
    filters:
      - type: cross-account
    actions:
      - type: remove-statements
        statement_ids: matched
properties:
  statement_ids:
    oneOf:
    - enum:
      - matched
      - '*'
    - items:
        type: string
      type: array
  type:
    enum:
    - remove-statements
required:
- statement_ids
- type

Permissions - glacier:SetVaultAccessPolicy, glacier:GetVaultAccessPolicy