aws.rest-api

Filters

cross-account

Check a resource’s embedded iam policy for cross account access.

properties:
  actions:
    items:
      type: string
    type: array
  everyone_only:
    type: boolean
  type:
    enum:
    - cross-account
  whitelist:
    items:
      type: string
    type: array
  whitelist_conditions:
    items:
      type: string
    type: array
  whitelist_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  whitelist_orgids:
    items:
      type: string
    type: array
  whitelist_orgids_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  whitelist_vpc:
    items:
      type: string
    type: array
  whitelist_vpc_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
  whitelist_vpce:
    items:
      type: string
    type: array
  whitelist_vpce_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      url:
        type: string
    required:
    - url
    type: object
required:
- type

Actions

delete

Delete a REST API.

example

contrived example to delete rest api

policies:
  - name: apigw-delete
    resource: rest-api
    filters:
      - description: empty
    actions:
      - type: delete
properties:
  type:
    enum:
    - delete
required:
- type

update

Update configuration of a REST API.

Non-exhaustive list of updateable attributes. https://docs.aws.amazon.com/apigateway/api-reference/link-relation/restapi-update/#remarks

example

contrived example to update description on api gateways

policies:
  - name: apigw-description
    resource: rest-api
    filters:
      - description: empty
    actions:
      - type: update
        patch:
         - op: replace
           path: /description
           value: "not empty :-)"
properties:
  patch:
    items:
      additonalProperties: false
      properties:
        from:
          type: string
        op:
          enum:
          - add
          - remove
          - update
          - copy
          - replace
          - test
        path:
          type: string
        value:
          type: string
      required:
      - op
      - path
      type: object
    type: array
  type:
    enum:
    - update
required:
- patch
- type