aws.key-pair

Filters

unused

Filter for used or unused keys.

By default the filter matches unused key pairs; set the state property to false to match key pairs that are in use.

example:

policies:
  - name: unused-key-pairs
    resource: aws.key-pair
    filters:
      - unused
  - name: used-key-pairs
    resource: aws.key-pair
    filters:
      - type: unused
        state: false

schema:

properties:
  state:
    type: boolean
  type:
    enum:
    - unused
required:
- type

Permissions - autoscaling:DescribeAutoScalingGroups, autoscaling:DescribeTags, autoscaling:DescribeLaunchConfigurations, ec2:DescribeInstances, ec2:DescribeTags

Actions

delete

Delete all EC2 key pairs that are not in use.

This action should always be used with the unused filter, and it will prevent you from using it without that filter.

example:

policies:
  - name: delete-unused-key-pairs
    resource: aws.key-pair
    filters:
      - unused
    actions:
      - delete

schema:

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - ec2:DeleteKeyPair
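
The pairing rule above can also be checked before a policy file is merged. The following is an added example, not Cloud Custodian's own validation code: a small lint over an already-parsed policy file that flags a delete action on aws.key-pair when the unused filter is missing or is set to state: false. The function names and the sample policies are hypothetical, and the input is the dict a YAML parser would produce.

```python
# Added example: a pre-merge lint for aws.key-pair policies (not Cloud Custodian code).
KEY_PAIR = {"aws.key-pair", "key-pair"}  # assumption: the "aws." prefix may be omitted


def _normalize(item):
    """Return the mapping form of a filter/action written as a bare string or a mapping."""
    return {"type": item} if isinstance(item, str) else dict(item)


def lint_key_pair_policy(policy):
    """Return a list of problems with one policy's use of the delete action."""
    if policy.get("resource") not in KEY_PAIR:
        return []
    actions = [_normalize(a) for a in policy.get("actions", [])]
    if not any(a.get("type") == "delete" for a in actions):
        return []
    unused = [f for f in map(_normalize, policy.get("filters", []))
              if f.get("type") == "unused"]
    problems = []
    if not unused:
        problems.append("delete without the unused filter")
    # state defaults to unused (True); state: false selects keys that are in use
    if any(f.get("state", True) is False for f in unused):
        problems.append("delete combined with unused state: false (in-use keys)")
    return problems


def lint_policies(doc):
    """Map policy name -> problems for every policy in a parsed policy file."""
    report = {}
    for policy in doc.get("policies", []):
        problems = lint_key_pair_policy(policy)
        if problems:
            report[policy["name"]] = problems
    return report


# Constructed sample input: the dict a YAML parser would produce for a policy file.
SAMPLE = {"policies": [
    {"name": "delete-unused-key-pairs", "resource": "aws.key-pair",
     "filters": ["unused"], "actions": ["delete"]},
    {"name": "delete-no-filter", "resource": "aws.key-pair",
     "actions": [{"type": "delete"}]},
    {"name": "delete-used", "resource": "aws.key-pair",
     "filters": [{"type": "unused", "state": False}], "actions": ["delete"]},
    {"name": "used-key-pairs", "resource": "aws.key-pair",
     "filters": [{"type": "unused", "state": False}]},
]}

if __name__ == "__main__":
    for name, problems in lint_policies(SAMPLE).items():
        print(name, "->", "; ".join(problems))
```

Both ways of writing a filter or action (the bare name and the mapping with a type key) are treated the same, so the check does not depend on which form a policy author chose.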