aws.key-pair
Filters
unused
Filter for used or unused keys.
The default is unused but can be changed by using the state property.
- example:
policies:
  - name: unused-key-pairs
    resource: aws.key-pair
    filters:
      - unused
  - name: used-key-pairs
    resource: aws.key-pair
    filters:
      - type: unused
        state: false
properties:
  state:
    type: boolean
  type:
    enum:
    - unused
required:
- type
Permissions - autoscaling:DescribeAutoScalingGroups, autoscaling:DescribeTags, autoscaling:DescribeLaunchConfigurations, ec2:DescribeInstances, ec2:DescribeTags
Actions
delete
Delete all EC2 key pairs that are not in use.
This action should always be used with the unused filter; it will prevent you from using it without that filter.
- example:
policies:
  - name: delete-unused-key-pairs
    resource: aws.key-pair
    filters:
      - unused
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type
Permissions - ec2:DeleteKeyPair
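
A pre-merge check for the pairing rule described above, as an added example (not Cloud Custodian's own code): it flags aws.key-pair policies that use delete without the unused filter, or together with state: false, which selects keys that are in use. The function names and sample policies are constructed for illustration, and policies are assumed to be already parsed into Python dicts with top-level filters only.

```python
# Added example: lint for aws.key-pair delete policies (not c7n code).
# Assumption: the policy file has already been parsed into a dict.

def unused_filter_states(policy):
    """Yield the effective `state` of each `unused` filter in a policy.

    Covers both forms shown on the page: the bare string `unused`
    (state defaults to true) and the mapping `{type: unused, state: ...}`.
    """
    for f in policy.get("filters") or []:
        if f == "unused":
            yield True
        elif isinstance(f, dict) and f.get("type") == "unused":
            yield f.get("state", True)


def has_delete(policy):
    """True if the policy lists the delete action, as string or mapping."""
    return any(a == "delete" or (isinstance(a, dict) and a.get("type") == "delete")
               for a in policy.get("actions") or [])


def lint_key_pair_policies(doc):
    """Return (policy name, problem) pairs for risky aws.key-pair deletes."""
    findings = []
    for p in doc.get("policies") or []:
        # Only the resource spelling used on this page is matched.
        if p.get("resource") != "aws.key-pair" or not has_delete(p):
            continue
        states = list(unused_filter_states(p))
        if not states:
            findings.append((p.get("name"), "delete without the unused filter"))
        elif any(s is False for s in states):
            findings.append((p.get("name"), "delete on used keys (state: false)"))
    return findings


# Constructed sample input: the page's delete policy plus two unsafe variants.
SAMPLE = {"policies": [
    {"name": "delete-unused-key-pairs", "resource": "aws.key-pair",
     "filters": ["unused"], "actions": ["delete"]},
    {"name": "delete-all-key-pairs", "resource": "aws.key-pair",
     "actions": ["delete"]},
    {"name": "delete-used-key-pairs", "resource": "aws.key-pair",
     "filters": [{"type": "unused", "state": False}],
     "actions": [{"type": "delete"}]},
]}

if __name__ == "__main__":
    for name, problem in lint_key_pair_policies(SAMPLE):
        print(f"{name}: {problem}")
```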