Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, or against a locked version (which requires use of the is-locked filter).

    properties:
      selector:
        enum:
        - previous
        - date
        - locked
      selector_value:
        type: string
      type:
        enum:
        - json-diff
    required:
    - type

Permissions - config:GetResourceConfigHistory
Filter network acls by those that allow access to s3 cidrs.
Defaults to filtering those nacls that do not allow s3 communication.
Find all nacls that do not allow communication with s3.

    policies:
      - name: s3-not-allowed-nacl
        resource: network-acl
        filters:
          - s3-cidr


    properties:
      egress:
        default: true
        type: boolean
      ingress:
        default: true
        type: boolean
      present:
        default: false
        type: boolean
      type:
        enum:
        - s3-cidr
    required:
    - type

Permissions - ec2:DescribePrefixLists
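
The following sketch illustrates how the `egress`, `ingress` and `present` options of s3-cidr interact. It is an added example, not the tool's own implementation. The function names, the sample NACLs and the CIDRs are constructed, and it assumes that rules are evaluated in ascending rule-number order and that a rule counts only when it covers a whole S3 CIDR.

```python
import ipaddress

# Constructed sample data. S3_CIDRS stands in for the CIDRs returned by
# ec2:DescribePrefixLists; documentation ranges are used, not real S3 ranges.
S3_CIDRS = ["198.51.100.0/24", "203.0.113.0/24"]
ALLOW_ALL = [
    {"RuleNumber": 100, "Egress": True, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
]
NACLS = [
    {"NetworkAclId": "acl-open", "Entries": ALLOW_ALL},
    {"NetworkAclId": "acl-blocked", "Entries": ALLOW_ALL + [
        # A lower-numbered egress deny shadows the allow-all rule.
        {"RuleNumber": 90, "Egress": True, "RuleAction": "deny", "CidrBlock": "198.51.100.0/24"},
    ]},
]


def allows_s3(nacl, s3_cidrs, egress=True, ingress=True):
    """True if every S3 CIDR is allowed in each direction being checked."""
    for is_egress, checked in ((True, egress), (False, ingress)):
        if not checked:
            continue
        # IPv6 entries carry Ipv6CidrBlock instead and are skipped here.
        rules = sorted(
            (e for e in nacl["Entries"] if e["Egress"] == is_egress and "CidrBlock" in e),
            key=lambda e: e["RuleNumber"])
        for cidr in map(ipaddress.ip_network, s3_cidrs):
            verdict = "deny"  # no matching rule means the traffic is denied
            for rule in rules:
                # Assumption: a rule counts only if it covers the whole S3 CIDR.
                if cidr.subnet_of(ipaddress.ip_network(rule["CidrBlock"])):
                    verdict = rule["RuleAction"]
                    break  # rules are evaluated in ascending order, first match wins
            if verdict != "allow":
                return False
    return True


def s3_cidr_filter(nacls, s3_cidrs, egress=True, ingress=True, present=False):
    """present=False keeps NACLs that do not allow S3; present=True keeps those that do."""
    return [n["NetworkAclId"] for n in nacls
            if allows_s3(n, s3_cidrs, egress, ingress) == present]
```

With the defaults only `acl-blocked` is returned; setting `egress=False` ignores the shadowing deny rule, so both NACLs count as allowing S3.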