aws.resolver-logs

Filters

• config-compliance

• event

• finding

• is-associated

• list-item

• ops-item

• reduce

• value

is-associated

Checks LogConfig Associations for VPCs.

example:

policies:
    - name: r53-resolver-query-log-config-associations
      resource: resolver-logs
      filters:
       - type: is-associated
         vpcid: "vpc-12345678"

properties:
  type:
    enum:
    - is-associated
  vpcid:
    pattern: ^(?:vpc-[0-9a-f]{8,17}|all)$
    type: string
required:
- type

Permissions - route53resolver:ListResolverQueryLogConfigAssociations

Actions

• associate-vpc

• invoke-lambda

• invoke-sfn

• notify

• post-finding

• post-item

• put-metric

• webhook

associate-vpc

Associates ResolverQueryLogConfig to a VPC

example:

policies:
  - name: r53-resolver-query-log-config-associate
    resource: resolver-logs
    filters:
      - type: value
        key: 'Name'
        op: eq
        value: "Test-rqlc"
    actions:
      - type: associate-vpc
        vpcid: all

properties:
  type:
    enum:
    - associate-vpc
  vpcid:
    pattern: ^(?:vpc-[0-9a-f]{8,17}|all)$
    type: string
required:
- vpcid
- type

Permissions - route53resolver:AssociateResolverQueryLogConfig, route53resolver:ListResolverQueryLogConfigAssociations