aws.glue-dev-endpoint
Filters
security-config
Filters glue crawlers with security configurations
- example:
policies:
  - name: need-kms-cloudwatch
    resource: glue-crawler
    filters:
      - type: security-config
        key: EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode
        op: ne
        value: SSE-KMS
To find resources missing any security configuration, set missing: true on the filter.
properties:
  default:
    type: object
  key:
    type: string
  missing:
    default: false
    type: boolean
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - security-config
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  value_path:
    type: string
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
required:
- type
Permissions - glue:GetSecurityConfigurations
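The filter applied to the glue-dev-endpoint resource this page covers, as an added example that is not part of the Cloud Custodian documentation. The policy names are made up; the first policy uses missing: true as described above, the second reuses the key from the example above. Neither policy has actions, so both only report matches.

```yaml
policies:
  # Dev endpoints with no security configuration attached at all.
  # The schema above requires only "type", so no key, op or value is given.
  - name: glue-dev-endpoint-no-security-config   # hypothetical policy name
    resource: glue-dev-endpoint
    filters:
      - type: security-config
        missing: true

  # Dev endpoints whose security configuration does not use SSE-KMS
  # for CloudWatch log encryption.
  - name: glue-dev-endpoint-cloudwatch-not-kms   # hypothetical policy name
    resource: glue-dev-endpoint
    filters:
      - type: security-config
        key: EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode
        op: ne
        value: SSE-KMS
```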
Actions
delete
Deletes public Glue Dev Endpoints
- example:
policies:
  - name: delete-public-dev-endpoints
    resource: glue-dev-endpoint
    filters:
      - PublicAddress: present
    actions:
      - type: delete
properties:
  type:
    enum:
    - delete
required:
- type
Permissions - glue:DeleteDevEndpoint