aws.network-acl
Filters
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
selector:
enum:
- previous
- date
- locked
selector_value:
type: string
type:
enum:
- json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
s3-cidr
Filter network acls by those that allow access to s3 cidrs.
Defaults to filtering those nacls that do not allow s3 communication.
- example:
Find all nacls that do not allow communication with s3.
policies:
- name: s3-not-allowed-nacl
resource: network-acl
filters:
- s3-cidr
properties:
egress:
default: true
type: boolean
ingress:
default: true
type: boolean
present:
default: false
type: boolean
type:
enum:
- s3-cidr
required:
- type
Permissions - ec2:DescribePrefixLists