aws.rest-api¶
Filters¶
cross-account¶
Check a resource’s embedded iam policy for cross account access.
properties:
actions:
items:
type: string
type: array
everyone_only:
type: boolean
type:
enum:
- cross-account
whitelist:
items:
type: string
type: array
whitelist_conditions:
items:
type: string
type: array
whitelist_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
url:
type: string
required:
- url
type: object
whitelist_orgids:
items:
type: string
type: array
whitelist_orgids_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
url:
type: string
required:
- url
type: object
whitelist_vpc:
items:
type: string
type: array
whitelist_vpc_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
url:
type: string
required:
- url
type: object
whitelist_vpce:
items:
type: string
type: array
whitelist_vpce_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
url:
type: string
required:
- url
type: object
required:
- type
Permissions - apigateway:GET
json-diff¶
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Utilizes config as a resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
selector:
enum:
- previous
- date
- locked
selector_value:
type: string
type:
enum:
- json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
Actions¶
delete¶
Delete a REST API.
- example:
contrived example to delete rest api
policies:
- name: apigw-delete
resource: rest-api
filters:
- description: empty
actions:
- type: delete
properties:
type:
enum:
- delete
required:
- type
Permissions - apigateway:DELETE
update¶
Update configuration of a REST API.
Non-exhaustive list of updateable attributes. https://docs.aws.amazon.com/apigateway/api-reference/link-relation/restapi-update/#remarks
- example:
contrived example to update description on api gateways
policies:
- name: apigw-description
resource: rest-api
filters:
- description: empty
actions:
- type: update
patch:
- op: replace
path: /description
value: "not empty :-)"
properties:
patch:
items:
additonalProperties: false
properties:
from:
type: string
op:
enum:
- add
- remove
- update
- copy
- replace
- test
path:
type: string
value:
type: string
required:
- op
- path
type: object
type: array
type:
enum:
- update
required:
- patch
- type
Permissions - apigateway:PATCH