Filter IAM groups that have an inline-policy based on boolean value: True: Filter all groups that have an inline-policy attached False: Filter all groups that do not have an inline-policy attached
- name: iam-groups-with-inline-policy resource: iam-group filters: - type: has-inline-policy value: True
properties: type: enum: - has-inline-policy value: type: boolean required: - type
Filter IAM groups that have users attached based on True/False value: True: Filter all IAM groups with users assigned to it False: Filter all IAM groups without any users assigned to it
- name: empty-iam-group resource: iam-group filters: - type: has-users value: False
properties: type: enum: - has-users value: type: boolean required: - type
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties: selector: enum: - previous - date - locked selector_value: type: string type: enum: - json-diff required: - type