aws.workspaces-image

Filters

cross-account

event

finding

list-item

marked-for-op

ops-item

reduce

tag-count

value

cross-account

Check a resource’s embedded iam policy for cross account access.

properties:
  type:
    enum:
    - cross-account
  whitelist:
    items:
      type: string
    type: array
  whitelist_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      query:
        type: string
      url:
        type: string
    required:
    - url
    type: object
required:
- type

Permissions - workspaces:DescribeWorkspaceImagePermissions

Actions

auto-tag-user

copy-related-tag

delete

invoke-lambda

invoke-sfn

mark-for-op

notify

post-finding

post-item

put-metric

remove-tag

rename-tag

tag

webhook

delete

Deletes a Workspace Image

example:

policies:
  - name: delete-workspace-img
    resource: workspaces-image
    filters:
      - "tag:DeleteMe": present
    actions:
      - delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - workspaces:DeleteWorkspaceImage

rename-tag

Rename an existing tag key to a new value.

example:

rename Application, and Bap to App, if a resource has both of the old keys then we’ll use the value specified by Application, which is based on the order of values of old_keys.

policies:
- name: rename-tags-example
  resource: aws.log-group
  filters:
    - or:
      - "tag:Bap": present
      - "tag:Application": present
  actions:
    - type: rename-tag
      old_keys: [Application, Bap]
      new_key: App

properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type

Permissions - tag:TagResources, tag:UntagResources