aws.glacier
Filters
cross-account
Filter to return all glacier vaults with cross account access permissions
The whitelist parameter will omit the accounts that match from the return
- example:
Permissions - glacier:GetVaultAccessPolicy
Actions
delete
Action to delete glacier vaults
- example:
policies:
- name: glacier-vault-delete
resource: aws.glacier
filters:
- type: cross-account
actions:
- type: delete
Permissions - glacier:DeleteVault
remove-statements
Action to remove policy statements from Glacier
- example:
policies:
- name: glacier-cross-account
resource: glacier
filters:
- type: cross-account
actions:
- type: remove-statements
statement_ids: matched
Permissions - glacier:SetVaultAccessPolicy, glacier:GetVaultAccessPolicy
rename-tag
Rename an existing tag key to a new value.
- example:
rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.
policies: - name: rename-tags-example resource: aws.log-group filters: - or: - "tag:Bap": present - "tag:Application": present actions: - type: rename-tag old_keys: [Application, Bap] new_key: App
Permissions - tag:TagResources, tag:UntagResources