aws.rds-subnet-group

RDS subnet group.

Filters

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

unused

Filters all launch rds subnet groups that are not in use but exist

example:

policies:
  - name: rds-subnet-group-delete-unused
    resource: rds-subnet-group
    filters:
      - unused
properties:
  type:
    enum:
    - unused
required:
- type

Permissions - rds:DescribeDBInstances

Actions

delete

Action to delete RDS Subnet Group

It is recommended to apply a filter to the delete policy to avoid unwanted deletion of any rds subnet groups.

example:

policies:
  - name: rds-subnet-group-delete
    resource: rds-subnet-group
    filters:
      - Instances: []
    actions:
      - delete
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - rds:DeleteDBSubnetGroup