Resource Manager for RDS DB Proxies
policies: - name: rds-proxy-tls-check resource: rds-proxy filters: - type: value key: RequireTLS value: false
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties: selector: enum: - previous - date - locked selector_value: type: string type: enum: - json-diff required: - type
Permissions - config:GetResourceConfigHistory
Deletes a RDS Proxy
policies: - name: delete-rds-proxy resource: aws.rds-proxy filters: - type: value key: "DBProxyName" op: eq value: "proxy-test-1" actions: - type: delete
properties: type: enum: - delete required: - type
Permissions - rds:DeleteDBProxy
Rename an existing tag key to a new value.
rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.
policies: - name: rename-tags-example resource: aws.log-group filters: - or: - "tag:Bap": present - "tag:Application": present actions: - type: rename-tag old_keys: [Application, Bap] new_key: App
properties: new_key: type: string old_key: type: string old_keys: items: type: string type: array type: enum: - rename-tag required: - type