aws.rds-subnet-group
RDS subnet group.
Filters
json-diff
Compute the diff between the current resource and a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, or against a locked version (the latter requires use of the is-locked filter).
    properties:
      selector:
        enum:
        - previous
        - date
        - locked
      selector_value:
        type: string
      type:
        enum:
        - json-diff
    required:
    - type
Permissions - config:GetResourceConfigHistory
unused
Filters all RDS subnet groups that exist but are not in use.
example:
    policies:
      - name: rds-subnet-group-delete-unused
        resource: rds-subnet-group
        filters:
          - unused

    properties:
      type:
        enum:
        - unused
    required:
    - type
Permissions - rds:DescribeDBInstances
Actions
delete
Action to delete an RDS subnet group.
It is recommended to apply a filter to the delete policy to avoid unwanted deletion of any RDS subnet groups.
example:
    policies:
      - name: rds-subnet-group-delete
        resource: rds-subnet-group
        filters:
          - Instances: []
        actions:
          - delete

    properties:
      type:
        enum:
        - delete
    required:
    - type
Permissions - rds:DeleteDBSubnetGroup
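
The unused filter and the delete action described above, combined into an offline dry-run check of which groups a filtered delete policy would target. This is an added example, not Cloud Custodian's own code: it assumes "unused" means no DB instance references the group (as the rds:DescribeDBInstances permission suggests), and the sample records and the function names groups_in_use and plan_delete are constructed for illustration.

```python
"""Dry-run check: which subnet groups would an `unused` + `delete` policy target?"""

# Constructed sample data shaped like boto3 RDS responses
# (describe_db_subnet_groups / describe_db_instances); not real resources.
SUBNET_GROUPS = [
    {"DBSubnetGroupName": "prod-db", "VpcId": "vpc-0aaa"},
    {"DBSubnetGroupName": "staging-db", "VpcId": "vpc-0bbb"},
    {"DBSubnetGroupName": "old-migration", "VpcId": "vpc-0aaa"},
]
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders",
     "DBSubnetGroup": {"DBSubnetGroupName": "prod-db"}},
    {"DBInstanceIdentifier": "orders-replica",
     "DBSubnetGroup": {"DBSubnetGroupName": "prod-db"}},
    # An instance record with no subnet group attached must not break the check.
    {"DBInstanceIdentifier": "legacy"},
]


def groups_in_use(instances):
    """Map each referenced subnet group name to the instances using it."""
    used = {}
    for inst in instances:
        name = (inst.get("DBSubnetGroup") or {}).get("DBSubnetGroupName")
        if name:
            used.setdefault(name, []).append(inst["DBInstanceIdentifier"])
    return used


def plan_delete(groups, instances):
    """Split groups into (delete_candidates, kept) without calling any API."""
    used = groups_in_use(instances)
    candidates, kept = [], {}
    for group in groups:
        name = group["DBSubnetGroupName"]
        if name in used:
            kept[name] = used[name]  # still referenced: never a candidate
        else:
            candidates.append(name)
    return sorted(candidates), kept


if __name__ == "__main__":
    candidates, kept = plan_delete(SUBNET_GROUPS, DB_INSTANCES)
    print("would delete:", candidates)
    for name, users in kept.items():
        print(f"keep {name}: used by {', '.join(users)}")
```

Reviewing the candidate list before attaching the delete action shows exactly which groups the filter leaves exposed to deletion.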