aws.rds-param-group
Resource manager for RDS parameter groups.
Filters
db-parameter
Filter by parameters.
- example:
policies:
- name: rds-param-group-param-filter
resource: rds-param-group
filters:
- type: db-parameter
key: someparam
op: eq
value: someval
properties:
default:
type: object
key:
type: string
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
type:
enum:
- db-parameter
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
query:
type: string
url:
type: string
required:
- url
type: object
value_path:
type: string
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
- float
required:
- type
Permissions - rds:DescribeDBParameters
Actions
copy
Action to copy an RDS parameter group.
- example:
policies:
- name: rds-param-group-copy
resource: rds-param-group
filters:
- DBParameterGroupName: original_pg_name
actions:
- type: copy
name: copy_name
properties:
description:
type: string
name:
type: string
type:
enum:
- copy
required:
- name
- type
Permissions - rds:CopyDBParameterGroup
delete
Action to delete an RDS parameter group
- example:
policies:
- name: rds-param-group-delete
resource: rds-param-group
filters:
- DBParameterGroupName: pg_name
actions:
- type: delete
properties:
type:
enum:
- delete
required:
- type
Permissions - rds:DeleteDBParameterGroup
modify
Action to modify an RDS parameter group
- example:
policies:
- name: rds-param-group-modify
resource: rds-param-group
filters:
- DBParameterGroupName: pg_name
actions:
- type: modify
params:
- name: autocommit
value: "1"
- name: max_connections
value: "100"
properties:
params:
items:
apply-method:
enum:
- immediate
- pending-reboot
type: string
name:
type: string
required:
- name
- value
type: object
value:
type: string
type: array
type:
enum:
- modify
required:
- params
- type
Permissions - rds:DescribeDBParameters, rds:ModifyDBParameterGroup
rename-tag
Rename an existing tag key to a new value.
- example:
rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.
policies: - name: rename-tags-example resource: aws.log-group filters: - or: - "tag:Bap": present - "tag:Application": present actions: - type: rename-tag old_keys: [Application, Bap] new_key: App
properties:
new_key:
type: string
old_key:
type: string
old_keys:
items:
type: string
type: array
type:
enum:
- rename-tag
required:
- type
Permissions - tag:TagResources, tag:UntagResources