aws.kafka

Filters

config-compliance

event

finding

json-diff

kms-key

list-item

marked-for-op

ops-item

reduce

security-group

subnet

value

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

Permissions - config:GetResourceConfigHistory

kms-key

Filter a kafka cluster’s data-volume encryption by its associcated kms key and optionally the aliasname of the kms key by using ‘c7n:AliasName’

example:

policies:
  - name: kafka-kms-key-filter
    resource: kafka
    filters:
      - type: kms-key
        key: c7n:AliasName
        value: alias/aws/kafka

Permissions - kms:ListKeys, tag:GetResources, kms:ListResourceTags, kms:DescribeKey

Actions

auto-tag-user

copy-related-tag

delete

invoke-lambda

invoke-sfn

mark-for-op

notify

post-finding

post-item

put-metric

remove-tag

rename-tag

set-monitoring

tag

webhook

delete

Parent base class for filters and actions.

Permissions - kafka:DeleteCluster

rename-tag

Rename an existing tag key to a new value.

example:

rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.

policies:
- name: rename-tags-example
  resource: aws.log-group
  filters:
    - or:
      - "tag:Bap": present
      - "tag:Application": present
  actions:
    - type: rename-tag
      old_keys: [Application, Bap]
      new_key: App

Permissions - tag:TagResources, tag:UntagResources

set-monitoring

Parent base class for filters and actions.

Permissions - kafka:UpdateClusterConfiguration