aws.opensearch-injestion¶
Filters¶
kms-key¶
Filter a resource by its associated kms key and optionally the aliasname of the kms key by using ‘c7n:AliasName’
- example:
Match a specific key alias:
policies: - name: dms-encrypt-key-check resource: dms-instance filters: - type: kms-key key: "c7n:AliasName" value: alias/aws/dms
Or match against native key attributes such as KeyManager
, which
more explicitly distinguishes between AWS
and CUSTOMER
-managed
keys. The above policy can also be written as:
policies: - name: dms-aws-managed-key resource: dms-instance filters: - type: kms-key key: KeyManager value: AWS
properties:
default:
type: object
key:
type: string
match-resource:
type: boolean
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
operator:
enum:
- and
- or
type:
enum:
- kms-key
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
query:
type: string
url:
type: string
required:
- url
type: object
value_path:
type: string
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
- float
required:
- type
Permissions - kms:ListKeys, tag:GetResources, kms:ListResourceTags, kms:DescribeKey
Actions¶
delete¶
Delete an OpenSearch Injestion Pipeline
- example:
policies:
- name: delete-opensearch-injestion
resource: opensearch-injestion
actions:
- type: delete
properties:
type:
enum:
- delete
required:
- type
Permissions - osis:DeletePipeline
stop¶
Stops an Opensearch Injestion Pipeline
- example:
policies:
- name: stop-osis-pipeline
resource: opensearch-injestion
filters:
- PipelineName: c7n-pipeline-1
actions:
- stop
properties:
type:
enum:
- stop
required:
- type
Permissions - osis:StopPipeline
update¶
Modifies MinUnits, MaxUnits, LogPublishingOptions, BufferOptions, and EncryptionAtRestOptions for a given Opensearch Injestion pipeline.
- example:
policies:
- name: update-pipeline
resource: aws.opensearch-injestion
actions:
- type: update
LogPublishingOptions:
IsLoggingEnabled: true
CloudWatchLogDestination:
LogGroup: c7n-log-group
BufferOptions:
PersistentBufferEnabled: true
properties:
BufferOptions:
properties:
PersistentBufferEnabled:
type: boolean
required:
- PersistentBufferEnabled
type: object
EncryptionAtRestOptions:
properties:
KmsKeyArn:
type: string
required:
- KmsKeyArn
type: object
LogPublishingOptions:
properties:
CloudWatchLogDestination:
properties:
LogGroup:
type: string
required:
- LogGroup
type: object
IsLoggingEnabled:
type: boolean
type: object
MaxUnits:
type: integer
MinUnits:
type: integer
type:
enum:
- update
required:
- type
Permissions - osis:UpdatePipeline