aws.network-acl

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

s3-cidr

Filter network acls by those that allow access to s3 cidrs.

Defaults to filtering those nacls that do not allow s3 communication.

example:

Find all nacls that do not allow communication with s3.

policies:
  - name: s3-not-allowed-nacl
    resource: network-acl
    filters:
      - s3-cidr
properties:
  egress:
    default: true
    type: boolean
  ingress:
    default: true
    type: boolean
  present:
    default: false
    type: boolean
  type:
    enum:
    - s3-cidr
required:
- type

Permissions - ec2:DescribePrefixLists

Actions