aws.iam-group¶

Filters¶

check-permissions

config-compliance

event

finding

has-inline-policy

has-users

json-diff

ops-item

usage

value

has-inline-policy¶

Filter IAM groups that have an inline-policy based on boolean value: True: Filter all groups that have an inline-policy attached False: Filter all groups that do not have an inline-policy attached

example

- name: iam-groups-with-inline-policy
  resource: iam-group
  filters:
    - type: has-inline-policy
      value: True

properties:
  type:
    enum:
    - has-inline-policy
  value:
    type: boolean
required:
- type

has-users¶

Filter IAM groups that have users attached based on True/False value: True: Filter all IAM groups with users assigned to it False: Filter all IAM groups without any users assigned to it

example

- name: empty-iam-group
  resource: iam-group
  filters:
    - type: has-users
      value: False

properties:
  type:
    enum:
    - has-users
  value:
    type: boolean
required:
- type

json-diff¶

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Actions¶

invoke-lambda

invoke-sfn

notify

post-finding

post-item

put-metric

webhook