aws.rest-stage

Filters

• config-compliance

• event

• finding

• json-diff

• marked-for-op

• ops-item

• reduce

• tag-count

• value

json-diff

Compute the diff from the current resource to a previous version.

A resource matches the filter if a diff exists between the current resource and the selected revision.

Utilizes config as a resource revision database.

Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).

properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type

Permissions - config:GetResourceConfigHistory

Actions

• auto-tag-user

• copy-related-tag

• delete

• invoke-lambda

• invoke-sfn

• mark-for-op

• notify

• post-finding

• post-item

• put-metric

• remove-tag

• tag

• update

• webhook

delete

Delete an api stage

example

policies:
  - name: delete-rest-stage
    resource: rest-stage
    filters:
      - methodSettings."*/*".cachingEnabled: true
    actions:
      - type: delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - apigateway:DELETE

update

Update/remove values of an api stage

example

policies:
  - name: disable-stage-caching
    resource: rest-stage
    filters:
      - methodSettings."*/*".cachingEnabled: true
    actions:
      - type: update
        patch:
          - op: replace
            path: /*/*/caching/enabled
            value: 'false'

properties:
  patch:
    items:
      additonalProperties: false
      properties:
        from:
          type: string
        op:
          enum:
          - add
          - remove
          - update
          - copy
          - replace
          - test
        path:
          type: string
        value:
          type: string
      required:
      - op
      - path
      type: object
    type: array
  type:
    enum:
    - update
required:
- patch
- type

Permissions - apigateway:PATCH