aws.resource-share-self

Filters

config-compliance

event

external-share

finding

list-item

marked-for-op

ops-item

reduce

value

Actions

auto-tag-user

copy-related-tag

delete

disassociate

invoke-lambda

invoke-sfn

mark-for-op

notify

post-finding

post-item

put-metric

remove-tag

rename-tag

tag

webhook

delete

Action to delete a Resource Share

example:

policies:
  - name: delete-ram-resource-share
    resource: resource-share-self
    filters:
    - type: external-share
      allowlist_entities:
      - "123456789012"
      - o-abcd1234
    actions:
      - delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - ram:DeleteResourceShare

disassociate

Action to disassociate principals from a Resource Share https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ram/client/disassociate_resource_share.html :example:

policies:
  - name: disassociate-ram-resource-share
    resource: resource-share-self
    filters:
    - type: external-share
      allowlist_entities:
        - "123456789012"
        - o-abcd1234
    actions:
    - type: disassociate
      principals: matched

properties:
  principals:
    enum:
    - matched
    - all
  type:
    enum:
    - disassociate
required:
- principals
- type

Permissions - ram:DisassociateResourceShare

rename-tag

Rename an existing tag key to a new value.

example:

rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.

policies:
- name: rename-tags-example
  resource: aws.log-group
  filters:
    - or:
      - "tag:Bap": present
      - "tag:Application": present
  actions:
    - type: rename-tag
      old_keys: [Application, Bap]
      new_key: App

properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type

Permissions - tag:TagResources, tag:UntagResources