aws.rds-proxy¶
Resource Manager for RDS DB Proxies
- example:
policies:
- name: rds-proxy-tls-check
resource: rds-proxy
filters:
- type: value
key: RequireTLS
value: false
Filters¶
json-diff¶
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
selector:
enum:
- previous
- date
- locked
selector_value:
type: string
type:
enum:
- json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
Actions¶
delete¶
Deletes a RDS Proxy
- example:
policies:
- name: delete-rds-proxy
resource: aws.rds-proxy
filters:
- type: value
key: "DBProxyName"
op: eq
value: "proxy-test-1"
actions:
- type: delete
properties:
type:
enum:
- delete
required:
- type
Permissions - rds:DeleteDBProxy
rename-tag¶
Rename an existing tag key to a new value.
- example:
rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.
policies: - name: rename-tags-example resource: aws.log-group filters: - or: - "tag:Bap": present - "tag:Application": present actions: - type: rename-tag old_keys: [Application, Bap] new_key: App
properties:
new_key:
type: string
old_key:
type: string
old_keys:
items:
type: string
type: array
type:
enum:
- rename-tag
required:
- type
Permissions - tag:TagResources, tag:UntagResources