aws.network-acl

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Uses AWS Config as the resource revision database.

The revision to compare against can be selected by date, as the previous version, or as a locked version (the locked selector requires the is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
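Added illustration of what "a diff exists" means for this filter; this is example code written for this page, not Cloud Custodian's implementation, and it reads two constructed revisions embedded inline instead of querying AWS Config. The normalize step is an assumption of the example: NACL entries are re-keyed by direction and rule number so that inserting one rule reports one change rather than shifting every later list index.

```python
from typing import Any, Dict, List, Tuple

# Constructed sample revisions of one network ACL, shaped like the
# AWS::EC2::NetworkAcl configuration items that AWS Config records.
# The ACL id is a placeholder, not a real resource.
PREVIOUS_REVISION: Dict[str, Any] = {
    "NetworkAclId": "acl-placeholder",
    "IsDefault": False,
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "Protocol": "-1",
         "RuleAction": "allow", "CidrBlock": "10.0.0.0/16"},
        {"RuleNumber": 32767, "Egress": False, "Protocol": "-1",
         "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    ],
}

# The current revision differs by one new ingress rule that allows all sources.
CURRENT_REVISION: Dict[str, Any] = {
    "NetworkAclId": "acl-placeholder",
    "IsDefault": False,
    "Entries": [
        {"RuleNumber": 90, "Egress": False, "Protocol": "-1",
         "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 100, "Egress": False, "Protocol": "-1",
         "RuleAction": "allow", "CidrBlock": "10.0.0.0/16"},
        {"RuleNumber": 32767, "Egress": False, "Protocol": "-1",
         "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    ],
}

Change = Tuple[str, Any, Any]  # (json-pointer-like path, old value, new value)


def normalize(revision: Dict[str, Any]) -> Dict[str, Any]:
    """Re-key Entries by direction and rule number (example convention, not
    the tool's): a rule's identity is (Egress, RuleNumber), not its position."""
    out = dict(revision)
    out["Entries"] = {
        f"{'egress' if e['Egress'] else 'ingress'}:{e['RuleNumber']}": e
        for e in revision.get("Entries", [])
    }
    return out


def json_diff(previous: Any, current: Any, path: str = "") -> List[Change]:
    """Return one (path, old, new) triple for every leaf that differs."""
    changes: List[Change] = []
    if isinstance(previous, dict) and isinstance(current, dict):
        for key in sorted(set(previous) | set(current), key=str):
            child = f"{path}/{key}"
            if key not in previous:
                changes.append((child, None, current[key]))
            elif key not in current:
                changes.append((child, previous[key], None))
            else:
                changes.extend(json_diff(previous[key], current[key], child))
    elif isinstance(previous, list) and isinstance(current, list):
        for i in range(max(len(previous), len(current))):
            child = f"{path}/{i}"
            if i >= len(previous):
                changes.append((child, None, current[i]))
            elif i >= len(current):
                changes.append((child, previous[i], None))
            else:
                changes.extend(json_diff(previous[i], current[i], child))
    elif previous != current:
        changes.append((path, previous, current))
    return changes


def revision_changed(previous: Dict[str, Any], current: Dict[str, Any]) -> bool:
    """The filter's match condition: any diff between the two revisions."""
    return bool(json_diff(normalize(previous), normalize(current)))


def naive_change_count(previous: Dict[str, Any], current: Dict[str, Any]) -> int:
    """Diff without re-keying, to show how a positional list diff over-reports."""
    return len(json_diff(previous, current))


if __name__ == "__main__":
    for change in json_diff(normalize(PREVIOUS_REVISION), normalize(CURRENT_REVISION)):
        print(change)
    print("naive positional changes:", naive_change_count(PREVIOUS_REVISION, CURRENT_REVISION))
```

With re-keying, the only reported change is the added ingress:90 rule, which is the line a reviewer wants to see; the positional diff of the same two revisions reports six leaf changes because every entry after the insertion point shifts down one index.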

s3-cidr

Filter network ACLs by whether they allow access to the S3 CIDR ranges.

By default (present: false) the filter matches those NACLs that do not allow S3 communication; set present: true to match the NACLs that do.

example

Find all NACLs that do not allow communication with S3.

policies:
  - name: s3-not-allowed-nacl
    resource: network-acl
    filters:
      - s3-cidr

properties:
  egress:
    default: true
    type: boolean
  ingress:
    default: true
    type: boolean
  present:
    default: false
    type: boolean
  type:
    enum:
    - s3-cidr
required:
- type
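Added example, not Cloud Custodian's own code, of how an s3-cidr style check can be evaluated against a NACL, including the detail the filter description leaves implicit: NACL rules are evaluated in ascending RuleNumber order and the first matching rule wins, so an allow rule does not help if a lower-numbered deny covers the same range. The NACLs and their ids are constructed, and the S3 ranges are stand-ins (TEST-NET documentation prefixes) rather than the real S3 prefix list, which the example assumes is supplied by the caller. Protocol and port restrictions on entries are ignored here.

```python
import ipaddress
from typing import Any, Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network

# Constructed stand-ins for the S3 prefix-list CIDRs (RFC 5737 ranges, not real S3 addresses).
S3_CIDRS_SAMPLE = ["198.51.100.0/24", "203.0.113.0/24"]


def _entry(rule: int, egress: bool, action: str, cidr: str) -> Dict[str, Any]:
    return {"RuleNumber": rule, "Egress": egress, "Protocol": "-1",
            "RuleAction": action, "CidrBlock": cidr}


# Constructed NACLs. Every ACL carries the implicit deny-all rule 32767 in both
# directions, as DescribeNetworkAcls reports it.
NACL_OPEN = {"NetworkAclId": "acl-open", "Entries": [
    _entry(100, False, "allow", "0.0.0.0/0"), _entry(32767, False, "deny", "0.0.0.0/0"),
    _entry(100, True, "allow", "0.0.0.0/0"), _entry(32767, True, "deny", "0.0.0.0/0"),
]}
NACL_RESTRICTED = {"NetworkAclId": "acl-restricted", "Entries": [
    _entry(100, False, "allow", "10.0.0.0/16"), _entry(32767, False, "deny", "0.0.0.0/0"),
    _entry(100, True, "allow", "10.0.0.0/16"), _entry(32767, True, "deny", "0.0.0.0/0"),
]}
# Allows everything outbound at rule 100, but rule 50 denies one S3 range first.
NACL_DENY_FIRST = {"NetworkAclId": "acl-deny-first", "Entries": [
    _entry(100, False, "allow", "0.0.0.0/0"), _entry(32767, False, "deny", "0.0.0.0/0"),
    _entry(50, True, "deny", "198.51.100.0/24"), _entry(100, True, "allow", "0.0.0.0/0"),
    _entry(32767, True, "deny", "0.0.0.0/0"),
]}
SAMPLE_NACLS = [NACL_OPEN, NACL_RESTRICTED, NACL_DENY_FIRST]


def first_matching_rule(entries: List[Dict[str, Any]],
                        target: IPv4Net) -> Tuple[Optional[Dict[str, Any]], Optional[IPv4Net]]:
    """Return the lowest-numbered entry whose IPv4 CidrBlock overlaps target."""
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if "CidrBlock" not in entry:  # IPv6-only entry (Ipv6CidrBlock); irrelevant to an IPv4 target
            continue
        rule_net = ipaddress.ip_network(entry["CidrBlock"])
        if rule_net.overlaps(target):
            return entry, rule_net
    return None, None


def cidr_allowed(entries: List[Dict[str, Any]], target: IPv4Net) -> bool:
    """Conservative answer: the first rule that touches the range must be an
    allow rule that covers the whole range. No match means the implicit deny."""
    entry, rule_net = first_matching_rule(entries, target)
    if entry is None:
        return False
    return entry["RuleAction"] == "allow" and target.subnet_of(rule_net)


def nacl_allows_s3(nacl: Dict[str, Any], s3_cidrs: List[str],
                   ingress: bool = True, egress: bool = True) -> bool:
    """True when every S3 CIDR is allowed in every direction being checked."""
    directions = ([False] if ingress else []) + ([True] if egress else [])
    targets = [ipaddress.ip_network(c) for c in s3_cidrs]
    for is_egress in directions:
        entries = [e for e in nacl["Entries"] if e["Egress"] == is_egress]
        if not all(cidr_allowed(entries, t) for t in targets):
            return False
    return True


def s3_cidr_filter(nacls: List[Dict[str, Any]], s3_cidrs: List[str], ingress: bool = True,
                   egress: bool = True, present: bool = False) -> List[Dict[str, Any]]:
    """Mirror the filter's semantics: present=False (the default) keeps the NACLs
    that do NOT allow S3 communication; present=True keeps the ones that do."""
    return [n for n in nacls if nacl_allows_s3(n, s3_cidrs, ingress, egress) == present]


if __name__ == "__main__":
    for nacl in s3_cidr_filter(SAMPLE_NACLS, S3_CIDRS_SAMPLE):
        print("does not allow S3:", nacl["NetworkAclId"])
```

acl-deny-first is reported as not allowing S3 even though it has an allow-all egress rule, because rule 50 is evaluated first; restricting the check to ingress (egress: false) clears it. A policy that only scanned for the presence of an allow rule covering the S3 ranges would miss this ordering.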