Skip to content

Instantly share code, notes, and snippets.

@atheken

atheken/cloud-custodian.schema.json

Last active April 8, 2025 20:26
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save atheken/ee1137232a4959b482081a30ea50d235 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save atheken/ee1137232a4959b482081a30ea50d235 to your computer and use it in GitHub Desktop.
Download ZIP
custodian schema
Raw
cloud-custodian.schema.json
This file has been truncated, but you can view the full file.
{
"$schema": "http://json-schema.org/draft-07/schema#",
"id": "http://schema.cloudcustodian.io/v0/custodian.json",
"definitions": {
"resources": {
"aws.access-analyzer-finding": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.access-analyzer-finding",
"access-analyzer-finding"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.access-analyzer-finding/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.access-analyzer-finding/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.access-analyzer-finding/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.account": {
"actions": {
"enable-cloudtrail": {
"type": "object",
"properties": {
"type": {
"enum": [
"enable-cloudtrail"
]
},
"trail": {
"type": "string"
},
"bucket": {
"type": "string"
},
"bucket-region": {
"type": "string"
},
"multi-region": {
"type": "boolean"
},
"global-events": {
"type": "boolean"
},
"notify": {
"type": "string"
},
"file-digest": {
"type": "boolean"
},
"kms": {
"type": "boolean"
},
"kms-key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"bucket"
]
},
"enable-data-events": {
"type": "object",
"properties": {
"type": {
"enum": [
"enable-data-events"
]
},
"data-trail": {
"type": "object",
"additionalProperties": false,
"required": [
"name"
],
"properties": {
"create": {
"title": "Should we create trail if needed for events?",
"type": "boolean"
},
"type": {
"enum": [
"ReadOnly",
"WriteOnly",
"All"
]
},
"name": {
"title": "The name of the event trail",
"type": "string"
},
"topic": {
"title": "If creating, the sns topic for the trail to send updates",
"type": "string"
},
"s3-bucket": {
"title": "If creating, the bucket to store trail event data",
"type": "string"
},
"s3-prefix": {
"type": "string"
},
"key-id": {
"title": "If creating, Enable kms on the trail",
"type": "string"
},
"multi-region": {
"title": "If creating, use this region for all data trails",
"type": "string"
}
}
}
},
"additionalProperties": false,
"required": [
"data-trail",
"type"
]
},
"request-limit-increase": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"request-limit-increase"
]
},
"percent-increase": {
"type": "number",
"minimum": 1
},
"amount-increase": {
"type": "number",
"minimum": 1
},
"minimum-increase": {
"type": "number",
"minimum": 1
},
"subject": {
"type": "string"
},
"message": {
"type": "string"
},
"notify": {
"type": "array",
"items": {
"type": "string"
}
},
"severity": {
"type": "string",
"enum": [
"urgent",
"high",
"normal",
"low"
]
}
},
"oneOf": [
{
"required": [
"type",
"percent-increase"
]
},
{
"required": [
"type",
"amount-increase"
]
}
]
},
"set-bedrock-model-invocation-logging": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"set-bedrock-model-invocation-logging"
]
},
"enabled": {
"type": "boolean"
},
"loggingConfig": {
"type": "object"
}
}
},
"set-ebs-encryption": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-ebs-encryption"
]
},
"state": {
"type": "boolean"
},
"key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-ec2-metadata-defaults": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-ec2-metadata-defaults"
]
},
"HttpTokens": {
"enum": [
"optional",
"required",
"no-preference"
]
},
"HttpPutResponseHopLimit": {
"type": "integer"
},
"HttpEndpoint": {
"enum": [
"enabled",
"disabled",
"no-preference"
]
},
"InstanceMetadataTags": {
"enum": [
"enabled",
"disabled",
"no-preference"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-emr-block-public-access": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-emr-block-public-access"
]
},
"config": {
"type": "object",
"properties": {
"BlockPublicSecurityGroupRules": {
"type": "boolean"
},
"PermittedPublicSecurityGroupRuleRanges": {
"type": "array",
"items": {
"type": "object",
"properties": {
"MinRange": {
"type": "number",
"minimum": 0
},
"MaxRange": {
"type": "number",
"minimum": 0
}
},
"required": [
"MinRange"
]
}
}
},
"required": [
"BlockPublicSecurityGroupRules"
]
}
},
"additionalProperties": false,
"required": [
"config"
]
},
"set-password-policy": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-password-policy"
]
},
"policy": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-s3-public-block": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-s3-public-block"
]
},
"state": {
"type": "boolean",
"default": true
},
"BlockPublicAcls": {
"type": "boolean"
},
"IgnorePublicAcls": {
"type": "boolean"
},
"BlockPublicPolicy": {
"type": "boolean"
},
"RestrictPublicBuckets": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-shield-advanced": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-shield-advanced"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-xray-encrypt": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-xray-encrypt"
]
},
"key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"key",
"type"
]
},
"toggle-config-managed-rule": {
"type": "object",
"properties": {
"type": {
"enum": [
"toggle-config-managed-rule"
]
},
"enabled": {
"type": "boolean",
"default": true
},
"rule_name": {
"type": "string"
},
"rule_prefix": {
"type": "string"
},
"managed_rule_id": {
"type": "string"
},
"resource_types": {
"type": "array",
"items": {
"pattern": "^AWS::*",
"type": "string"
}
},
"resource_tag": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"key",
"value"
]
},
"resource_id": {
"type": "string"
},
"rule_parameters": {
"type": "string"
},
"remediation": {
"type": "object",
"properties": {
"TargetType": {
"type": "string"
},
"TargetId": {
"type": "string"
},
"Automatic": {
"type": "boolean"
},
"Parameters": {
"type": "object"
},
"MaximumAutomaticAttempts": {
"type": "integer",
"minimum": 1,
"maximum": 25
},
"RetryAttemptSeconds": {
"type": "integer",
"minimum": 1,
"maximum": 2678000
},
"ExecutionControls": {
"type": "object"
}
}
},
"tags": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"rule_name",
"type"
]
}
},
"filters": {
"access-analyzer": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"access-analyzer"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"check-cloudtrail": {
"type": "object",
"properties": {
"type": {
"enum": [
"check-cloudtrail"
]
},
"multi-region": {
"type": "boolean"
},
"global-events": {
"type": "boolean"
},
"current-region": {
"type": "boolean"
},
"running": {
"type": "boolean"
},
"notifies": {
"type": "boolean"
},
"file-digest": {
"type": "boolean"
},
"kms": {
"type": "boolean"
},
"kms-key": {
"type": "string"
},
"include-management-events": {
"type": "boolean"
},
"log-metric-filter-pattern": {
"oneOf": [
{
"$ref": "#/definitions/filters/value"
},
{
"type": "string"
}
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"check-config": {
"type": "object",
"properties": {
"type": {
"enum": [
"check-config"
]
},
"all-resources": {
"type": "boolean"
},
"running": {
"type": "boolean"
},
"global-resources": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"check-macie": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"check-macie"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"credential": {
"type": "object",
"properties": {
"type": {
"enum": [
"credential"
]
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"key": {
"type": "string",
"title": "report key to search",
"enum": [
"user",
"arn",
"user_creation_time",
"password_enabled",
"password_last_used",
"password_last_changed",
"password_next_rotation",
"mfa_active",
"access_keys",
"access_keys.active",
"access_keys.last_used_date",
"access_keys.last_used_region",
"access_keys.last_used_service",
"access_keys.last_rotated",
"certs",
"certs.active",
"certs.last_rotated"
]
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"report_generate": {
"title": "Generate a report if none is present.",
"default": true,
"type": "boolean"
},
"report_delay": {
"title": "Number of seconds to wait for report generation.",
"default": 10,
"type": "number"
},
"report_max_age": {
"title": "Number of seconds to consider a report valid.",
"default": 86400,
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"default-ebs-encryption": {
"type": "object",
"properties": {
"type": {
"enum": [
"default-ebs-encryption"
]
},
"state": {
"type": "boolean"
},
"key": {
"oneOf": [
{
"$ref": "#/definitions/filters/value"
},
{
"type": "string"
}
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"emr-block-public-access": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"emr-block-public-access"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"glue-security-config": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"glue-security-config"
]
},
"CatalogEncryptionMode": {
"enum": [
"DISABLED",
"SSE-KMS"
]
},
"SseAwsKmsKeyId": {
"type": "string"
},
"ReturnConnectionPasswordEncrypted": {
"type": "boolean"
},
"AwsKmsKeyId": {
"type": "string"
}
}
},
"guard-duty": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"guard-duty"
]
},
"match-operator": {
"enum": [
"or",
"and"
]
}
},
"patternProperties": {
"^Detector": {
"oneOf": [
{
"type": "object"
},
{
"type": "string"
}
]
},
"^Master": {
"oneOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
}
},
"has-virtual-mfa": {
"type": "object",
"properties": {
"type": {
"enum": [
"has-virtual-mfa"
]
},
"value": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"iam-summary": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"iam-summary"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"lakeformation-s3-cross-account": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"lakeformation-s3-cross-account"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"missing": {
"type": "object",
"properties": {
"type": {
"enum": [
"missing"
]
},
"policy": {
"type": "object",
"required": [
"resource"
],
"properties": {
"resource": {
"type": "string"
}
}
}
},
"additionalProperties": false,
"required": [
"policy",
"type"
]
},
"organization": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"organization"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"password-policy": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"password-policy"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"s3-public-block": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"s3-public-block"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"securityhub": {
"type": "object",
"properties": {
"type": {
"enum": [
"securityhub"
]
},
"enabled": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"service-limit": {
"type": "object",
"properties": {
"type": {
"enum": [
"service-limit"
]
},
"threshold": {
"type": "number"
},
"refresh_period": {
"type": "integer",
"title": "how long should a check result be considered fresh"
},
"names": {
"type": "array",
"items": {
"type": "string"
}
},
"limits": {
"type": "array",
"items": {
"type": "string"
}
},
"services": {
"type": "array",
"items": {
"enum": [
"AutoScaling",
"CloudFormation",
"DynamoDB",
"EBS",
"EC2",
"ELB",
"IAM",
"RDS",
"Route53",
"SES",
"VPC"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"ses-send-stats": {
"type": "object",
"properties": {
"type": {
"enum": [
"ses-send-stats"
]
},
"days": {
"type": "number",
"minimum": 2
}
},
"additionalProperties": false,
"required": [
"days",
"type"
]
},
"shield-enabled": {
"type": "object",
"properties": {
"type": {
"enum": [
"shield-enabled"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"xray-encrypt-key": {
"type": "object",
"properties": {
"type": {
"enum": [
"xray-encrypt-key"
]
},
"key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"key",
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.account",
"account"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.account/filters/access-analyzer"
},
{
"$ref": "#/definitions/filters/aws.bedrock-model-invocation-logging"
},
{
"$ref": "#/definitions/resources/aws.account/filters/check-cloudtrail"
},
{
"$ref": "#/definitions/resources/aws.account/filters/check-config"
},
{
"$ref": "#/definitions/resources/aws.account/filters/check-macie"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.account/filters/credential"
},
{
"$ref": "#/definitions/resources/aws.account/filters/default-ebs-encryption"
},
{
"$ref": "#/definitions/filters/aws.ec2-metadata-defaults"
},
{
"$ref": "#/definitions/resources/aws.account/filters/emr-block-public-access"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.account/filters/glue-security-config"
},
{
"$ref": "#/definitions/resources/aws.account/filters/guard-duty"
},
{
"$ref": "#/definitions/resources/aws.account/filters/has-virtual-mfa"
},
{
"$ref": "#/definitions/resources/aws.account/filters/iam-summary"
},
{
"$ref": "#/definitions/resources/aws.account/filters/lakeformation-s3-cross-account"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/resources/aws.account/filters/missing"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/resources/aws.account/filters/organization"
},
{
"$ref": "#/definitions/resources/aws.account/filters/password-policy"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.account/filters/s3-public-block"
},
{
"$ref": "#/definitions/resources/aws.account/filters/securityhub"
},
{
"$ref": "#/definitions/resources/aws.account/filters/service-limit"
},
{
"$ref": "#/definitions/filters/aws.ses-agg-send-stats"
},
{
"$ref": "#/definitions/resources/aws.account/filters/ses-send-stats"
},
{
"$ref": "#/definitions/resources/aws.account/filters/shield-enabled"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/resources/aws.account/filters/xray-encrypt-key"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"missing",
"credential",
"organization",
"check-macie",
"check-cloudtrail",
"guard-duty",
"check-config",
"iam-summary",
"access-analyzer",
"password-policy",
"service-limit",
"has-virtual-mfa",
"shield-enabled",
"xray-encrypt-key",
"default-ebs-encryption",
"s3-public-block",
"glue-security-config",
"emr-block-public-access",
"securityhub",
"lakeformation-s3-cross-account",
"ses-agg-send-stats",
"ses-send-stats",
"bedrock-model-invocation-logging",
"ec2-metadata-defaults",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.account/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.account/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.account/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.account/actions/enable-cloudtrail"
},
{
"$ref": "#/definitions/resources/aws.account/actions/enable-data-events"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.account/actions/request-limit-increase"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-bedrock-model-invocation-logging"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-ebs-encryption"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-ec2-metadata-defaults"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-emr-block-public-access"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-password-policy"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-s3-public-block"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-shield-advanced"
},
{
"$ref": "#/definitions/resources/aws.account/actions/set-xray-encrypt"
},
{
"$ref": "#/definitions/resources/aws.account/actions/toggle-config-managed-rule"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"set-password-policy",
"request-limit-increase",
"post-finding",
"enable-cloudtrail",
"enable-data-events",
"set-shield-advanced",
"set-xray-encrypt",
"set-ebs-encryption",
"set-s3-public-block",
"set-emr-block-public-access",
"toggle-config-managed-rule",
"set-bedrock-model-invocation-logging",
"set-ec2-metadata-defaults",
"invoke-lambda",
"put-metric",
"notify",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.acm-certificate": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.acm-certificate",
"acm-certificate"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.acm-certificate/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.acm-certificate/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.acm-certificate/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.acm-certificate/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.acm-certificate/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.acm-certificate/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.advisor-check": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.advisor-check",
"advisor-check"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.advisor-check/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.advisor-check/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.advisor-check/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.advisor-check/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.airflow": {
"actions": {
"delete-environment": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete-environment"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-environment": {
"type": "object",
"properties": {
"type": {
"enum": [
"update-environment"
]
},
"access_mode": {
"type": "string",
"enum": [
"PRIVATE_ONLY",
"PUBLIC_ONLY"
]
}
},
"additionalProperties": false,
"required": [
"access_mode",
"type"
]
}
},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.airflow",
"airflow"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.airflow/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"kms-key",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.airflow/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.airflow/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.airflow/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.airflow/actions/delete-environment"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.airflow/actions/update-environment"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"update-environment",
"delete-environment",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.alarm": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"is-composite-child": {
"type": "object",
"properties": {
"type": {
"enum": [
"is-composite-child"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.alarm",
"alarm"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.alarm/filters/is-composite-child"
},
{
"$ref": "#/definitions/resources/aws.alarm/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"is-composite-child",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.alarm/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.alarm/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.alarm/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.alarm/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.alarm/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ami": {
"actions": {
"cancel-launch-permission": {
"type": "object",
"properties": {
"type": {
"enum": [
"cancel-launch-permission"
]
},
"dryrun": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"copy": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"copy"
]
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"region": {
"type": "string"
},
"encrypt": {
"type": "boolean"
},
"key-id": {
"type": "string"
}
}
},
"deregister": {
"type": "object",
"properties": {
"type": {
"enum": [
"deregister"
]
},
"delete-snapshots": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"remove-launch-permissions": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-launch-permissions"
]
},
"accounts": {
"oneOf": [
{
"enum": [
"matched"
]
},
{
"type": "string",
"minLength": 12,
"maxLength": 12
}
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-deprecation": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-deprecation"
]
},
"date": {
"type": "string"
},
"days": {
"type": "integer"
},
"age": {
"type": "integer"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-permissions": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-permissions"
]
},
"remove": {
"oneOf": [
{
"enum": [
"matched"
]
},
{
"type": "array",
"items": {
"type": "string"
}
}
]
},
"add": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"whitelist_from": {
"type": "object",
"additionalProperties": "False",
"required": [
"url"
],
"properties": {
"url": {
"type": "string"
},
"query": {
"type": "string"
},
"format": {
"enum": [
"csv",
"json",
"txt",
"csv2dict"
]
},
"expr": {
"oneOf": [
{
"type": "integer"
},
{
"type": "string"
}
]
},
"headers": {
"type": "object",
"patternProperties": {
"": {
"type": "string"
}
}
}
}
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"image-age": {
"type": "object",
"properties": {
"type": {
"enum": [
"image-age"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number",
"minimum": 0
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"image-attribute": {
"type": "object",
"additionalProperties": false,
"required": [
"attribute"
],
"properties": {
"type": {
"enum": [
"image-attribute"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"attribute": {
"enum": [
"description",
"kernel",
"ramdisk",
"launchPermissions",
"productCodes",
"blockDeviceMapping",
"sriovNetSupport",
"bootMode",
"tpmSupport",
"uefiData",
"lastLaunchedTime",
"imdsSupport"
]
}
}
},
"unused": {
"type": "object",
"properties": {
"type": {
"enum": [
"unused"
]
},
"value": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ami",
"ami"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.ami/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ami/filters/image-age"
},
{
"$ref": "#/definitions/resources/aws.ami/filters/image-attribute"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/resources/aws.ami/filters/unused"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"image-age",
"unused",
"cross-account",
"image-attribute",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ami/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ami/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ami/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/cancel-launch-permission"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/copy"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/deregister"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/remove-launch-permissions"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/set-deprecation"
},
{
"$ref": "#/definitions/resources/aws.ami/actions/set-permissions"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"deregister",
"set-deprecation",
"remove-launch-permissions",
"cancel-launch-permission",
"set-permissions",
"copy",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.apigw-domain-name": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-security": {
"type": "object",
"properties": {
"type": {
"enum": [
"update-security"
]
},
"securityPolicy": {
"type": "string",
"enum": [
"TLS_1_0",
"TLS_1_2"
]
}
},
"additionalProperties": false,
"required": [
"securityPolicy",
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.apigw-domain-name",
"apigw-domain-name"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.apigw-domain-name/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.apigw-domain-name/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.apigw-domain-name/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.apigw-domain-name/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.apigw-domain-name/actions/update-security"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"update-security",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.apigwv2": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.apigwv2",
"apigwv2"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.apigwv2/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.apigwv2/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.apigwv2/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.apigwv2/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.apigwv2/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.apigwv2-stage": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.apigwv2-stage",
"apigwv2-stage"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.apigwv2-stage/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.apigwv2-stage/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.apigwv2-stage/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.apigwv2-stage/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.apigwv2-stage/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.app-elb": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify-attributes": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"modify-attributes"
]
},
"attributes": {
"type": "object",
"additionalProperties": false,
"properties": {
"access_logs.s3.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"access_logs.s3.bucket": {
"type": "string"
},
"access_logs.s3.prefix": {
"type": "string"
},
"deletion_protection.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"idle_timeout.timeout_seconds": {
"type": "number"
},
"routing.http.desync_mitigation_mode": {
"enum": [
"monitor",
"defensive",
"strictest"
]
},
"routing.http.drop_invalid_header_fields.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"routing.http2.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"load_balancing.cross_zone.enabled": {
"enum": [
"true",
"false",
true,
false
]
}
}
}
}
},
"modify-listener": {
"type": "object",
"properties": {
"type": {
"enum": [
"modify-listener"
]
},
"port": {
"type": "integer"
},
"protocol": {
"enum": [
"HTTP",
"HTTPS",
"TCP",
"TLS",
"UDP",
"TCP_UDP",
"GENEVE"
]
},
"sslpolicy": {
"type": "string"
},
"certificate": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-s3-logging": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-s3-logging"
]
},
"state": {
"enum": [
"enabled",
"disabled"
]
},
"bucket": {
"type": "string"
},
"prefix": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"state"
]
},
"set-shield": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-shield"
]
},
"state": {
"type": "boolean"
},
"sync": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-waf": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-waf"
]
},
"web-acl": {
"type": "string"
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"web-acl",
"type"
]
},
"set-wafv2": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-wafv2"
]
},
"web-acl": {
"type": "string"
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"attributes": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"attributes"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"default-vpc": {
"type": "object",
"properties": {
"type": {
"enum": [
"default-vpc"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"healthcheck-protocol-mismatch": {
"type": "object",
"properties": {
"type": {
"enum": [
"healthcheck-protocol-mismatch"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"is-logging": {
"type": "object",
"properties": {
"type": {
"enum": [
"is-logging"
]
},
"bucket": {
"type": "string"
},
"prefix": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"is-not-logging": {
"type": "object",
"properties": {
"type": {
"enum": [
"is-not-logging"
]
},
"bucket": {
"type": "string"
},
"prefix": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"listener": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"listener"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"matched": {
"type": "boolean"
}
}
},
"shield-enabled": {
"type": "object",
"properties": {
"type": {
"enum": [
"shield-enabled"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"target-group": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"target-group"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.app-elb",
"app-elb"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.app-elb/filters/attributes"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/default-vpc"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/healthcheck-protocol-mismatch"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/is-logging"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/is-not-logging"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/listener"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/shield-enabled"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/resources/aws.app-elb/filters/target-group"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"$ref": "#/definitions/filters/aws.waf-enabled"
},
{
"$ref": "#/definitions/filters/aws.wafv2-enabled"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"tag-count",
"marked-for-op",
"shield-enabled",
"network-location",
"security-group",
"subnet",
"vpc",
"waf-enabled",
"wafv2-enabled",
"is-logging",
"is-not-logging",
"attributes",
"listener",
"healthcheck-protocol-mismatch",
"target-group",
"default-vpc",
"config-compliance",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.app-elb/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.app-elb/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.app-elb/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/modify-attributes"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/modify-listener"
},
{
"$ref": "#/definitions/actions/aws.modify-security-groups"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/set-s3-logging"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/set-shield"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/set-waf"
},
{
"$ref": "#/definitions/resources/aws.app-elb/actions/set-wafv2"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"set-shield",
"set-waf",
"set-wafv2",
"set-s3-logging",
"mark-for-op",
"tag",
"remove-tag",
"delete",
"modify-attributes",
"modify-listener",
"modify-security-groups",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.app-elb-target-group": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify-attributes": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"modify-attributes"
]
},
"attributes": {
"type": "object",
"additionalProperties": false,
"properties": {
"proxy_protocol_v2.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"preserve_client_ip.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"stickiness.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"lambda.multi_value_headers.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"deregistration_delay.connection_termination.enabled": {
"enum": [
"true",
"false",
true,
false
]
},
"target_group_health.unhealthy_state_routing.minimum_healthy_targets.count": {
"type": "number"
},
"target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage": {
"type": "string"
},
"deregistration_delay.timeout_seconds": {
"type": "number"
},
"target_group_health.dns_failover.minimum_healthy_targets.count": {
"type": "string"
},
"stickiness.type": {
"enum": [
"lb_cookie",
"app_cookie",
"source_ip",
"source_ip_dest_ip",
"source_ip_dest_ip_proto"
]
},
"load_balancing.cross_zone.enabled": {
"enum": [
"true",
"false",
true,
false,
"use_load_balancer_configuration"
]
},
"target_group_health.dns_failover.minimum_healthy_targets.percentage": {
"type": "string"
},
"stickiness.app_cookie.cookie_name": {
"type": "string"
},
"stickiness.lb_cookie.duration_seconds": {
"type": "number"
},
"slow_start.duration_seconds": {
"type": "number"
},
"stickiness.app_cookie.duration_seconds": {
"type": "number"
},
"load_balancing.algorithm.type": {
"enum": [
"round_robin",
"least_outstanding_requests"
]
},
"target_failover.on_deregistration": {
"enum": [
"rebalance",
"no_rebalance"
]
},
"target_failover.on_unhealthy": {
"enum": [
"rebalance",
"no_rebalance"
]
}
}
}
}
}
},
"filters": {
"attributes": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"attributes"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"default-vpc": {
"type": "object",
"properties": {
"type": {
"enum": [
"default-vpc"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.app-elb-target-group",
"app-elb-target-group"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.app-elb-target-group/filters/attributes"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.app-elb-target-group/filters/default-vpc"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"tag-count",
"marked-for-op",
"default-vpc",
"attributes",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.app-elb-target-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.app-elb-target-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.app-elb-target-group/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.app-elb-target-group/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.app-elb-target-group/actions/modify-attributes"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark-for-op",
"tag",
"remove-tag",
"delete",
"modify-attributes",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.app-flow": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.app-flow",
"app-flow"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.app-flow/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.app-flow/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.app-flow/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.app-flow/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.app-flow/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appdiscovery-agent": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appdiscovery-agent",
"appdiscovery-agent"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appdiscovery-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appdiscovery-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appdiscovery-agent/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appmesh-mesh": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appmesh-mesh",
"appmesh-mesh"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.appmesh-mesh/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.route"
},
{
"$ref": "#/definitions/filters/aws.router"
},
{
"$ref": "#/definitions/filters/aws.service"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"service",
"router",
"route",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appmesh-mesh/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appmesh-mesh/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appmesh-mesh/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.appmesh-mesh/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appmesh-virtualgateway": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appmesh-virtualgateway",
"aws.appmesh-virtual-gateway",
"appmesh-virtual-gateway",
"appmesh-virtualgateway"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.gateway-route"
},
{
"$ref": "#/definitions/resources/aws.appmesh-virtualgateway/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"gateway-route",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appmesh-virtualgateway/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appmesh-virtualgateway/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appmesh-virtualgateway/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.appmesh-virtualgateway/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appmesh-virtualnode": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appmesh-virtualnode",
"appmesh-virtualnode"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.appmesh-virtualnode/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appmesh-virtualnode/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appmesh-virtualnode/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appmesh-virtualnode/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.appmesh-virtualnode/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appstream-fleet": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appstream-fleet",
"appstream-fleet"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.appstream-fleet/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appstream-fleet/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appstream-fleet/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appstream-fleet/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.appstream-fleet/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.appstream-stack": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.appstream-stack",
"appstream-stack"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.appstream-stack/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.appstream-stack/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.appstream-stack/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.appstream-stack/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.appstream-stack/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.artifact-domain": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.artifact-domain",
"artifact-domain"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.artifact-domain/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"cross-account",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.artifact-domain/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.artifact-domain/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.artifact-domain/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.artifact-domain/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.artifact-repo": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.artifact-repo",
"artifact-repo"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.artifact-repo/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.artifact-repo/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"cross-account",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.artifact-repo/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.artifact-repo/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.artifact-repo/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.artifact-repo/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.asg": {
"actions": {
"auto-tag-user": {
"type": "object",
"properties": {
"type": {
"enum": [
"auto-tag-user"
]
},
"user-type": {
"type": "array",
"items": {
"type": "string",
"enum": [
"IAMUser",
"AssumedRole",
"FederatedUser"
]
}
},
"update": {
"type": "boolean"
},
"tag": {
"type": "string"
},
"principal_id_tag": {
"type": "string"
},
"value": {
"type": "string",
"enum": [
"userName",
"arn",
"sourceIPAddress",
"principalId"
]
},
"propagate": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"mark-for-op": {
"type": "object",
"properties": {
"type": {
"enum": [
"mark-for-op"
]
},
"op": {
"type": "string"
},
"key": {
"type": "string"
},
"tag": {
"type": "string"
},
"tz": {
"type": "string"
},
"msg": {
"type": "string"
},
"message": {
"type": "string"
},
"days": {
"type": "number",
"minimum": 0
},
"hours": {
"type": "number",
"minimum": 0
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"propagate-tags": {
"type": "object",
"properties": {
"type": {
"enum": [
"propagate-tags"
]
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"trim": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"remove-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-tag",
"untag",
"unmark"
]
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"propagate": {
"type": "boolean"
},
"source": {
"type": "string"
},
"dest": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"source",
"dest",
"type"
]
},
"resize": {
"type": "object",
"properties": {
"type": {
"enum": [
"resize"
]
},
"min-size": {
"type": "integer",
"minimum": 0
},
"max-size": {
"type": "integer",
"minimum": 0
},
"desired-size": {
"anyOf": [
{
"enum": [
"current"
]
},
{
"type": "integer",
"minimum": 0
}
]
},
"desired_size": {
"anyOf": [
{
"enum": [
"current"
]
},
{
"type": "integer",
"minimum": 0
}
]
},
"save-options-tag": {
"type": "string"
},
"restore-options-tag": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"resume": {
"type": "object",
"properties": {
"type": {
"enum": [
"resume"
]
},
"exclude": {
"type": "array",
"title": "ASG Processes to not resume",
"items": {
"enum": [
"ScheduledActions",
"Launch",
"AlarmNotification",
"AZRebalance",
"AddToLoadBalancer",
"InstanceRefresh",
"HealthCheck",
"ReplaceUnhealthy",
"Terminate"
]
}
},
"delay": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"suspend": {
"type": "object",
"properties": {
"type": {
"enum": [
"suspend"
]
},
"exclude": {
"type": "array",
"title": "ASG Processes to not suspend",
"items": {
"enum": [
"Launch",
"Terminate",
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions",
"AddToLoadBalancer",
"InstanceRefresh"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"tag",
"mark"
]
},
"key": {
"type": "string"
},
"value": {
"type": "string"
},
"tags": {
"type": "object"
},
"tag": {
"type": "string"
},
"msg": {
"type": "string"
},
"propagate": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update": {
"type": "object",
"properties": {
"type": {
"enum": [
"update"
]
},
"default-cooldown": {
"type": "integer",
"minimum": 0
},
"max-instance-lifetime": {
"anyOf": [
{
"enum": [
0
]
},
{
"type": "integer",
"minimum": 86400
}
]
},
"new-instances-protected-from-scale-in": {
"type": "boolean"
},
"capacity-rebalance": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"capacity-delta": {
"type": "object",
"properties": {
"type": {
"enum": [
"capacity-delta"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"image-age": {
"type": "object",
"properties": {
"type": {
"enum": [
"image-age"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"invalid": {
"type": "object",
"properties": {
"type": {
"enum": [
"invalid"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"launch-config": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"launch-config"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"not-encrypted": {
"type": "object",
"properties": {
"type": {
"enum": [
"not-encrypted"
]
},
"exclude_image": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"progagated-tags": {
"type": "object",
"properties": {
"type": {
"enum": [
"progagated-tags",
"propagated-tags"
]
},
"keys": {
"type": "array",
"items": {
"type": "string"
}
},
"match": {
"type": "boolean"
},
"propagate": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"scaling-policy": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"scaling-policy"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"user-data": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"user-data"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"valid": {
"type": "object",
"properties": {
"type": {
"enum": [
"valid"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"vpc-id": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"vpc-id"
]
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.asg",
"asg"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.asg/filters/capacity-delta"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/aws.cost-optimization"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.image"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/image-age"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/invalid"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/launch-config"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/not-encrypted"
},
{
"$ref": "#/definitions/filters/aws.offhour"
},
{
"$ref": "#/definitions/filters/aws.onhour"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/progagated-tags"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/scaling-policy"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/user-data"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/valid"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/resources/aws.asg/filters/vpc-id"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"offhour",
"onhour",
"tag-count",
"marked-for-op",
"network-location",
"security-group",
"subnet",
"launch-config",
"valid",
"invalid",
"not-encrypted",
"image-age",
"image",
"vpc-id",
"propagated-tags",
"progagated-tags",
"capacity-delta",
"user-data",
"scaling-policy",
"config-compliance",
"cost-optimization",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.asg/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.asg/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.asg/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.asg/actions/auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/propagate-tags"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/remove-tag"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/rename-tag"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/resize"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/resume"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/suspend"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/resources/aws.asg/actions/update"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"post-finding",
"auto-tag-user",
"tag-trim",
"resize",
"unmark",
"untag",
"remove-tag",
"mark",
"tag",
"propagate-tags",
"rename-tag",
"mark-for-op",
"suspend",
"resume",
"delete",
"update",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.athena-named-query": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.athena-named-query",
"athena-named-query"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.athena-named-query/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.athena-named-query/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.athena-named-query/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.backup-plan": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.backup-plan",
"backup-plan"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.backup-plan/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.backup-plan/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.backup-plan/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.backup-plan/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.backup-plan/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.backup-vault": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.backup-vault",
"backup-vault"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.backup-vault/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.backup-vault/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"kms-key",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.backup-vault/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.backup-vault/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.backup-vault/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.backup-vault/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.batch-compute": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-environment": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"update-environment"
]
},
"computeEnvironment": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"ENABLED",
"DISABLED"
]
},
"computeResources": {
"type": "object",
"additionalProperties": false,
"properties": {
"minvCpus": {
"type": "integer"
},
"maxvCpus": {
"type": "integer"
},
"desiredvCpus": {
"type": "integer"
}
}
},
"serviceRole": {
"type": "string"
}
}
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.batch-compute",
"batch-compute"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.batch-compute/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"security-group",
"subnet",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.batch-compute/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.batch-compute/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.batch-compute/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-compute/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-compute/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.batch-compute/actions/update-environment"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"update-environment",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.batch-definition": {
"actions": {
"deregister": {
"type": "object",
"properties": {
"type": {
"enum": [
"deregister"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.batch-definition",
"batch-definition"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.batch-definition/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.batch-definition/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.batch-definition/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-definition/actions/deregister"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-definition/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"deregister",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.batch-queue": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"update"
]
},
"state": {
"type": "string",
"enum": [
"ENABLED",
"DISABLED"
]
},
"schedulingPolicyArn": {
"type": "string"
},
"priority": {
"type": "integer"
},
"computeEnvironmentOrder": {
"type": "object",
"additionalProperties": false,
"properties": {
"order": {
"type": "integer"
},
"computeEnvironment": {
"type": "string"
}
}
}
}
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.batch-queue",
"batch-queue"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.batch-queue/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.batch-queue/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.batch-queue/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.batch-queue/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-queue/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.batch-queue/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.batch-queue/actions/update"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"update",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.bedrock-agent": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"skipResourceInUseCheck": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.bedrock-agent",
"bedrock-agent"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.bedrock-agent/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"kms-key",
"marked-for-op",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.bedrock-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.bedrock-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.bedrock-agent/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.bedrock-agent/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.bedrock-custom-model": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.bedrock-custom-model",
"bedrock-custom-model"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.bedrock-custom-model/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"kms-key",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.bedrock-custom-model/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.bedrock-custom-model/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.bedrock-custom-model/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.bedrock-custom-model/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.bedrock-customization-job": {
"actions": {
"stop": {
"type": "object",
"properties": {
"type": {
"enum": [
"stop"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.bedrock-customization-job",
"bedrock-customization-job"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.bedrock-customization-job/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"kms-key",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.bedrock-customization-job/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.bedrock-customization-job/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.bedrock-customization-job/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.bedrock-customization-job/actions/stop"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"stop",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.bedrock-knowledge-base": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.bedrock-knowledge-base",
"bedrock-knowledge-base"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.bedrock-knowledge-base/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.bedrock-knowledge-base/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.bedrock-knowledge-base/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.bedrock-knowledge-base/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.budget": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.budget",
"budget"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.budget/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.budget/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.budget/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cache-cluster": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"skip-snapshot": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"snapshot": {
"type": "object",
"properties": {
"type": {
"enum": [
"snapshot"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cache-cluster",
"cache-cluster"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"tag-count",
"security-group",
"subnet",
"network-location",
"config-compliance",
"health-event",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cache-cluster/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cache-cluster/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cache-cluster/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cache-cluster/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.modify-security-groups"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cache-cluster/actions/rename-tag"
},
{
"$ref": "#/definitions/resources/aws.cache-cluster/actions/snapshot"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"snapshot",
"modify-security-groups",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cache-snapshot": {
"actions": {
"copy-cluster-tags": {
"type": "object",
"properties": {
"type": {
"enum": [
"copy-cluster-tags"
]
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false,
"required": [
"tags"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"age": {
"type": "object",
"properties": {
"type": {
"enum": [
"age"
]
},
"days": {
"type": "number"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cache-snapshot",
"cache-snapshot"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.cache-snapshot/filters/age"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"age",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cache-snapshot/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cache-snapshot/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cache-snapshot/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.cache-snapshot/actions/copy-cluster-tags"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cache-snapshot/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cache-snapshot/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"copy-cluster-tags",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cache-subnet-group": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cache-subnet-group",
"cache-subnet-group"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cache-subnet-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cache-subnet-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cache-subnet-group/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.catalog-portfolio": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"remove-shared-accounts": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-shared-accounts"
]
},
"accounts": {
"oneOf": [
{
"enum": [
"matched"
]
},
{
"type": "array",
"items": {
"type": "string",
"pattern": "^[0-9]{12}$"
}
}
]
}
},
"additionalProperties": false,
"required": [
"accounts",
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.catalog-portfolio",
"catalog-portfolio"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.catalog-portfolio/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.catalog-portfolio/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"cross-account",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.catalog-portfolio/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.catalog-portfolio/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.catalog-portfolio/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.catalog-portfolio/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.catalog-portfolio/actions/remove-shared-accounts"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.catalog-portfolio/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"remove-shared-accounts",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.catalog-product": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.catalog-product",
"catalog-product"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.catalog-product/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.catalog-product/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.catalog-product/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.catalog-product/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.catalog-product/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cfn": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean",
"default": false
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-protection": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-protection"
]
},
"state": {
"type": "boolean",
"default": false
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cfn",
"cfn"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.cfn/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cfn/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cfn/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cfn/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cfn/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cfn/actions/set-protection"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"set-protection",
"tag",
"remove-tag",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cloud-directory": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"disable": {
"type": "object",
"properties": {
"type": {
"enum": [
"disable"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cloud-directory",
"cloud-directory"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cloud-directory/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cloud-directory/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cloud-directory/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cloud-directory/actions/delete"
},
{
"$ref": "#/definitions/resources/aws.cloud-directory/actions/disable"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cloud-directory/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"disable",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cloudhsm-cluster": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cloudhsm-cluster",
"cloudhsm-cluster"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"subnet",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cloudhsm-cluster/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cloudhsm-cluster/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cloudhsm-cluster/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudhsm-cluster/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudhsm-cluster/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cloudsearch": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"enable-https": {
"type": "object",
"properties": {
"type": {
"enum": [
"enable-https"
]
},
"tls-policy": {
"enum": [
"Policy-Min-TLS-1-0-2019-07",
"Policy-Min-TLS-1-2-2019-07"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cloudsearch",
"cloudsearch"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.domain-options"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"domain-options",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cloudsearch/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cloudsearch/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cloudsearch/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.cloudsearch/actions/delete"
},
{
"$ref": "#/definitions/resources/aws.cloudsearch/actions/enable-https"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"enable-https",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cloudtrail": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-logging": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-logging"
]
},
"enabled": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-trail": {
"type": "object",
"properties": {
"type": {
"enum": [
"update-trail"
]
},
"attributes": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"attributes"
]
}
},
"filters": {
"event-selectors": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"event-selectors"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"is-shadow": {
"type": "object",
"properties": {
"type": {
"enum": [
"is-shadow"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"status": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"status"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cloudtrail",
"cloudtrail"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/filters/event-selectors"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/filters/is-shadow"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/filters/status"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"is-shadow",
"status",
"event-selectors",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cloudtrail/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cloudtrail/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cloudtrail/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/actions/rename-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/actions/set-logging"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.cloudtrail/actions/update-trail"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"update-trail",
"set-logging",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.cloudwatch-dashboard": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.cloudwatch-dashboard",
"cloudwatch-dashboard"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.cloudwatch-dashboard/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.cloudwatch-dashboard/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.cloudwatch-dashboard/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.cloudwatch-dashboard/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codebuild": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codebuild",
"codebuild"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.codebuild/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"subnet",
"security-group",
"vpc",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codebuild/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codebuild/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codebuild/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.codebuild/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.codebuild/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"post-finding",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codebuild-credential": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codebuild-credential",
"codebuild-credential"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codebuild-credential/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codebuild-credential/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codebuild-credential/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codecommit": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codecommit",
"codecommit"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codecommit/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codecommit/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codecommit/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.codecommit/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.codecommit/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codedeploy-app": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codedeploy-app",
"codedeploy-app"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-app/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codedeploy-app/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codedeploy-app/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codedeploy-app/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-app/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-app/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codedeploy-deployment": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codedeploy-deployment",
"codedeploy-deployment"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codedeploy-deployment/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codedeploy-deployment/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codedeploy-deployment/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codedeploy-group": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codedeploy-group",
"codedeploy-group"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-group/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codedeploy-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codedeploy-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codedeploy-group/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-group/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.codedeploy-group/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.codepipeline": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.codepipeline",
"codepipeline"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.codepipeline/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.codepipeline/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.codepipeline/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.codepipeline/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.codepipeline/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.codepipeline/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.composite-alarm": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.composite-alarm",
"composite-alarm"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.composite-alarm/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.composite-alarm/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.composite-alarm/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.composite-alarm/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.composite-alarm/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.config-recorder": {
"actions": {},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"allowed_regions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"type": "object",
"additionalProperties": "False",
"required": [
"url"
],
"properties": {
"url": {
"type": "string"
},
"query": {
"type": "string"
},
"format": {
"enum": [
"csv",
"json",
"txt",
"csv2dict"
]
},
"expr": {
"oneOf": [
{
"type": "integer"
},
{
"type": "string"
}
]
},
"headers": {
"type": "object",
"patternProperties": {
"": {
"type": "string"
}
}
}
}
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"retention": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"retention"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.config-recorder",
"config-recorder"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.config-recorder/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/resources/aws.config-recorder/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.config-recorder/filters/retention"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"cross-account",
"retention",
"config-compliance",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.config-recorder/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.config-recorder/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.config-recorder/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.config-rule": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"remediation": {
"type": "object",
"properties": {
"type": {
"enum": [
"remediation"
]
},
"rule_name": {
"type": "string"
},
"rule_prefix": {
"type": "string"
},
"remediation": {
"type": "object",
"properties": {
"target_type": {
"type": "string"
},
"target_id": {
"type": "string"
},
"automatic": {
"type": "boolean"
},
"parameters": {
"type": "object"
},
"maximum_automatic_attempts": {
"type": "integer",
"minimum": 1,
"maximum": 25
},
"retry_attempt_seconds": {
"type": "integer",
"minimum": 1,
"maximum": 2678000
},
"execution_controls": {
"type": "object"
}
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"status": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"status"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.config-rule",
"config-rule"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.config-rule/filters/remediation"
},
{
"$ref": "#/definitions/resources/aws.config-rule/filters/status"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"status",
"remediation",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.config-rule/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.config-rule/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.config-rule/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.config-rule/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.config-rule/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.connect-campaign": {
"actions": {},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.connect-campaign",
"connect-campaign"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.connect-campaign/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"kms-key",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.connect-campaign/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.connect-campaign/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.connect-campaign/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.connect-instance": {
"actions": {
"set-attributes": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-attributes"
]
},
"attribute_type": {
"anyOf": [
{
"enum": [
"INBOUND_CALLS",
"OUTBOUND_CALLS",
"CONTACTFLOW_LOGS",
"CONTACT_LENS",
"AUTO_RESOLVE_BEST_VOICES",
"USE_CUSTOM_TTS_VOICES",
"EARLY_MEDIA",
"MULTI_PARTY_CONFERENCE",
"HIGH_VOLUME_OUTBOUND",
"ENHANCED_CONTACT_MONITORING"
]
},
{
"type": "string"
}
]
},
"value": {}
},
"additionalProperties": false,
"required": [
"value",
"attribute_type",
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.connect-instance",
"connect-instance"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.instance-attribute"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"instance-attribute",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.connect-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.connect-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.connect-instance/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.connect-instance/actions/set-attributes"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"set-attributes",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.customer-gateway": {
"actions": {},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.customer-gateway",
"customer-gateway"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.customer-gateway/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.customer-gateway/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.customer-gateway/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.customer-gateway/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.datalake-location": {
"actions": {
"deregister": {
"type": "object",
"properties": {
"type": {
"enum": [
"deregister"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.datalake-location",
"datalake-location"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.datalake-location/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"cross-account",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.datalake-location/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.datalake-location/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.datalake-location/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.datalake-location/actions/deregister"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"deregister",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.datapipeline": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.datapipeline",
"datapipeline"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"metrics",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.datapipeline/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.datapipeline/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.datapipeline/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.datapipeline/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"mark-for-op",
"tag",
"remove-tag",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.datasync-agent": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.datasync-agent",
"datasync-agent"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.datasync-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.datasync-agent/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.datasync-agent/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.datasync-agent/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.datasync-task": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.datasync-task",
"datasync-task"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.datasync-task/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.datasync-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.datasync-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.datasync-task/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.datasync-task/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dax": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-cluster": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"update-cluster"
]
},
"Description": {
"type": "string"
},
"PreferredMaintenanceWindow": {
"type": "string"
},
"NotificationTopicArn": {
"type": "string"
},
"NotificationTopicStatus": {
"type": "string"
},
"ParameterGroupName": {
"type": "string"
}
}
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dax",
"dax"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"security-group",
"subnet",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dax/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dax/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dax/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.dax/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.modify-security-groups"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.dax/actions/update-cluster"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"update-cluster",
"modify-security-groups",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.devicefarm-project": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.devicefarm-project",
"devicefarm-project"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.devicefarm-project/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.devicefarm-project/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.devicefarm-project/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.devicefarm-project/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.devicefarm-project/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.directconnect": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.directconnect",
"directconnect"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"health-event",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.directconnect/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.directconnect/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.directconnect/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.directconnect/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.directory": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"ldap": {
"type": "object",
"properties": {
"type": {
"enum": [
"ldap"
]
},
"status": {
"type": "string",
"enum": [
"Enabled",
"Disabled"
]
}
},
"additionalProperties": false,
"required": [
"status",
"type"
]
},
"settings": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"settings"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.directory",
"directory"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.directory/filters/ldap"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/resources/aws.directory/filters/settings"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/aws.trust"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"subnet",
"security-group",
"vpc",
"ldap",
"settings",
"trust",
"marked-for-op",
"health-event",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.directory/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.directory/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.directory/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.directory/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.distribution": {
"actions": {
"disable": {
"type": "object",
"properties": {
"type": {
"enum": [
"disable"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-attributes": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-attributes"
]
},
"attributes": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"attributes"
]
},
"set-protocols": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"set-protocols"
]
},
"OriginProtocolPolicy": {
"enum": [
"http-only",
"match-viewer",
"https-only"
]
},
"OriginSslProtocols": {
"type": "array",
"items": {
"enum": [
"SSLv3",
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
}
},
"ViewerProtocolPolicy": {
"enum": [
"allow-all",
"https-only",
"redirect-to-https"
]
}
}
},
"set-shield": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-shield"
]
},
"state": {
"type": "boolean"
},
"sync": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-waf": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-waf"
]
},
"web-acl": {
"type": "string"
},
"force": {
"type": "boolean"
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"web-acl",
"type"
]
},
"set-wafv2": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-wafv2"
]
},
"web-acl": {
"type": "string"
},
"force": {
"type": "boolean"
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"distribution-config": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"distribution-config"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"mismatch-s3-origin": {
"type": "object",
"properties": {
"type": {
"enum": [
"mismatch-s3-origin"
]
},
"check_custom_origins": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"shield-enabled": {
"type": "object",
"properties": {
"type": {
"enum": [
"shield-enabled"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"waf-enabled": {
"type": "object",
"properties": {
"type": {
"enum": [
"waf-enabled"
]
},
"web-acl": {
"type": "string"
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.distribution",
"distribution"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.distribution/filters/distribution-config"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.distribution/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/resources/aws.distribution/filters/mismatch-s3-origin"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.distribution/filters/shield-enabled"
},
{
"$ref": "#/definitions/filters/aws.shield-metrics"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/resources/aws.distribution/filters/waf-enabled"
},
{
"$ref": "#/definitions/filters/aws.wafv2-enabled"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"tag-count",
"shield-metrics",
"shield-enabled",
"waf-enabled",
"wafv2-enabled",
"distribution-config",
"mismatch-s3-origin",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.distribution/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.distribution/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.distribution/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/disable"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/rename-tag"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/set-attributes"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/set-protocols"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/set-shield"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/set-waf"
},
{
"$ref": "#/definitions/resources/aws.distribution/actions/set-wafv2"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"set-shield",
"post-finding",
"set-waf",
"set-wafv2",
"disable",
"set-protocols",
"set-attributes",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dlm-policy": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dlm-policy",
"dlm-policy"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dlm-policy/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dlm-policy/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dlm-policy/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dms-endpoint": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify-endpoint": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"modify-endpoint"
]
},
"Port": {
"type": "integer",
"minimum": 1,
"maximum": 65536
},
"ServerName": {
"type": "string"
},
"SslMode": {
"type": "string",
"enum": [
"none",
"require",
"verify-ca",
"verify-full"
]
},
"CertificateArn": {
"type": "string"
},
"DatabaseName": {
"type": "string"
},
"EndpointIdentifier": {
"type": "string"
},
"EngineName": {
"enum": [
"mysql",
"oracle",
"postgres",
"mariadb",
"aurora",
"redshift",
"S3",
"sybase",
"dynamodb",
"mongodb",
"sqlserver"
]
},
"ExtraConnectionAttributes": {
"type": "string"
},
"Username": {
"type": "string"
},
"Password": {
"type": "string"
},
"DynamoDbSettings": {
"type": "object",
"additionalProperties": false,
"required": [
"ServiceAccessRoleArn"
],
"properties": {
"ServiceAccessRoleArn": {
"type": "string"
}
}
},
"S3Settings": {
"type": "object",
"additionalProperties": false,
"properties": {
"BucketFolder": {
"type": "string"
},
"BucketName": {
"type": "string"
},
"CompressionType": {
"type": "string",
"enum": [
"none",
"gzip"
]
},
"CsvDelimiter": {
"type": "string"
},
"CsvRowDelimiter": {
"type": "string"
},
"ExternalTableDefinition": {
"type": "string"
},
"ServiceAccessRoleArn": {
"type": "string"
}
}
},
"MongoDbSettings": {
"type": "object",
"additionalProperties": false,
"properties": {
"AuthMechanism": {
"type": "string",
"enum": [
"default",
"mongodb_cr",
"scram_sha_1"
]
},
"AuthSource": {
"type": "string"
},
"Username": {
"type": "string"
},
"Password": {
"type": "string"
},
"DatabaseName": {
"type": "string"
},
"DocsToInvestigate": {
"type": "integer",
"minimum": 1
},
"ExtractDocId": {
"type": "string"
},
"NestingLevel": {
"type": "string",
"enum": [
"NONE",
"none",
"ONE",
"one"
]
},
"Port": {
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"ServerName": {
"type": "string"
}
}
}
}
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dms-endpoint",
"dms-endpoint"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.dms-endpoint/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dms-endpoint/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dms-endpoint/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dms-endpoint/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.dms-endpoint/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.dms-endpoint/actions/modify-endpoint"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.dms-endpoint/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"modify-endpoint",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dms-instance": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify-instance": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"modify-instance"
]
},
"ReplicationInstanceArn": {
"type": "string"
},
"AllocatedStorage": {
"type": "integer"
},
"ApplyImmediately": {
"type": "boolean"
},
"ReplicationInstanceClass": {
"type": "string"
},
"VpcSecurityGroupIds": {
"type": "array",
"items": {
"type": "string"
}
},
"PreferredMaintenanceWindow": {
"type": "string"
},
"MultiAZ": {
"type": "boolean"
},
"EngineVersion": {
"type": "string"
},
"AllowMajorVersionUpgrade": {
"type": "boolean"
},
"AutoMinorVersionUpgrade": {
"type": "boolean"
},
"ReplicationInstanceIdentifier": {
"type": "string"
}
}
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dms-instance",
"dms-instance"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.dms-instance/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.dms-instance/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"kms-key",
"subnet",
"security-group",
"vpc",
"config-compliance",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dms-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dms-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dms-instance/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.dms-instance/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.dms-instance/actions/modify-instance"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"modify-instance",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dms-replication-task": {
"actions": {
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dms-replication-task",
"dms-replication-task"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.dms-replication-task/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dms-replication-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dms-replication-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dms-replication-task/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.dms-replication-task/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dynamodb-backup": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dynamodb-backup",
"dynamodb-backup"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dynamodb-backup/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dynamodb-backup/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dynamodb-backup/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.dynamodb-backup/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dynamodb-stream": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dynamodb-stream",
"dynamodb-stream"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dynamodb-stream/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dynamodb-stream/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dynamodb-stream/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.dynamodb-table": {
"actions": {
"backup": {
"type": "object",
"properties": {
"type": {
"enum": [
"backup"
]
},
"prefix": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean",
"default": false
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-continuous-backup": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-continuous-backup"
]
},
"state": {
"type": "boolean",
"default": true
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-stream": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-stream"
]
},
"state": {
"type": "boolean"
},
"stream_view_type": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update": {
"type": "object",
"properties": {
"type": {
"enum": [
"update"
]
},
"BillingMode": {
"enum": [
"PROVISIONED",
"PAY_PER_REQUEST"
]
},
"DeletionProtectionEnabled": {
"enum": [
true,
false
]
},
"ProvisionedThroughput": {
"type": "object",
"properties": {
"ReadCapacityUnits": {
"type": "integer"
},
"WriteCapacityUnits": {
"type": "integer"
}
}
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"consecutive-aws-backups": {
"type": "object",
"properties": {
"type": {
"enum": [
"consecutive-aws-backups"
]
},
"count": {
"type": "number",
"minimum": 1
},
"period": {
"enum": [
"hours",
"days",
"weeks"
]
},
"status": {
"enum": [
"COMPLETED",
"PARTIAL",
"DELETING",
"EXPIRED"
]
}
},
"additionalProperties": false,
"required": [
"count",
"period",
"status",
"type"
]
},
"consecutive-backups": {
"type": "object",
"properties": {
"type": {
"enum": [
"consecutive-backups"
]
},
"count": {
"type": "number",
"minimum": 1
},
"period": {
"enum": [
"hours",
"days",
"weeks"
]
},
"backuptype": {
"enum": [
"SYSTEM",
"USER",
"AWS_BACKUP",
"ALL"
]
},
"status": {
"enum": [
"AVAILABLE",
"CREATING",
"DELETED"
]
}
},
"additionalProperties": false,
"required": [
"count",
"period",
"status",
"backuptype",
"type"
]
},
"continuous-backup": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"continuous-backup"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"has-statement": {
"type": "object",
"properties": {
"type": {
"enum": [
"has-statement"
]
},
"statement_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"statements": {
"type": "array",
"items": {
"type": "object",
"properties": {
"Sid": {
"type": "string"
},
"Effect": {
"type": "string",
"enum": [
"Allow",
"Deny"
]
},
"Principal": {
"anyOf": [
{
"type": "string"
},
{
"type": "object"
},
{
"type": "array"
}
]
},
"NotPrincipal": {
"anyOf": [
{
"type": "object"
},
{
"type": "array"
}
]
},
"Action": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotAction": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Resource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotResource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Condition": {
"type": "object"
}
},
"required": [
"Effect"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.dynamodb-table",
"dynamodb-table"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/consecutive-aws-backups"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/consecutive-backups"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/continuous-backup"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/has-statement"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"kms-key",
"continuous-backup",
"cross-account",
"has-statement",
"consecutive-backups",
"consecutive-aws-backups",
"config-compliance",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.dynamodb-table/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.dynamodb-table/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.dynamodb-table/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/backup"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/rename-tag"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/set-continuous-backup"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/set-stream"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.dynamodb-table/actions/update"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"set-continuous-backup",
"update",
"delete",
"set-stream",
"backup",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ebs": {
"actions": {
"copy-instance-tags": {
"type": "object",
"properties": {
"type": {
"enum": [
"copy-instance-tags"
]
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"detach": {
"type": "object",
"properties": {
"type": {
"enum": [
"detach"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"encrypt-instance-volumes": {
"type": "object",
"properties": {
"type": {
"enum": [
"encrypt-instance-volumes"
]
},
"key": {
"type": "string"
},
"delay": {
"type": "number"
},
"verbose": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"key",
"type"
]
},
"modify": {
"type": "object",
"properties": {
"type": {
"enum": [
"modify"
]
},
"volume-type": {
"enum": [
"io1",
"io2",
"gp2",
"gp3",
"st1",
"sc1"
]
},
"shrink": false,
"size-percent": {
"type": "number"
},
"iops-percent": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"snapshot": {
"type": "object",
"properties": {
"type": {
"enum": [
"snapshot"
]
},
"copy-tags": {
"type": "array",
"items": {
"type": "string"
}
},
"copy-volume-tags": {
"type": "boolean"
},
"tags": {
"type": "object"
},
"description": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"fault-tolerant": {
"type": "object",
"properties": {
"type": {
"enum": [
"fault-tolerant"
]
},
"tolerant": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"health-event": {
"type": "object",
"properties": {
"type": {
"enum": [
"health-event"
]
},
"types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"AWS_EBS_DEGRADED_EBS_VOLUME_PERFORMANCE",
"AWS_EBS_VOLUME_LOST"
]
}
},
"statuses": {
"type": "array",
"items": {
"type": "string",
"enum": [
"open",
"upcoming",
"closed"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"instance": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"instance"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-alias": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-alias"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"modifyable": {
"type": "object",
"properties": {
"type": {
"enum": [
"modifyable"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ebs",
"ebs"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/aws.cost-optimization"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/fault-tolerant"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/health-event"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/instance"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/kms-alias"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/resources/aws.ebs/filters/modifyable"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.snapshots"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"tag-count",
"snapshots",
"instance",
"kms-alias",
"fault-tolerant",
"health-event",
"modifyable",
"config-compliance",
"cost-optimization",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ebs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ebs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ebs/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/copy-instance-tags"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/delete"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/detach"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/encrypt-instance-volumes"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/modify"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.ebs/actions/snapshot"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"post-finding",
"detach",
"copy-instance-tags",
"encrypt-instance-volumes",
"snapshot",
"delete",
"modify",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ebs-snapshot": {
"actions": {
"copy": {
"type": "object",
"properties": {
"type": {
"enum": [
"copy"
]
},
"target_region": {
"type": "string"
},
"target_key": {
"type": "string"
},
"encrypted": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"skip-ami-snapshots": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-permissions": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-permissions"
]
},
"remove": {
"oneOf": [
{
"enum": [
"matched"
]
},
{
"type": "array",
"items": {
"type": "string",
"minLength": 12,
"maxLength": 12
}
}
]
},
"add": {
"type": "array",
"items": {
"type": "string",
"minLength": 12,
"maxLength": 12
}
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"age": {
"type": "object",
"properties": {
"type": {
"enum": [
"age"
]
},
"days": {
"type": "number"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"skip-ami-snapshots": {
"type": "object",
"properties": {
"type": {
"enum": [
"skip-ami-snapshots"
]
},
"value": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"unused": {
"type": "object",
"properties": {
"type": {
"enum": [
"unused"
]
},
"value": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"volume": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"volume"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ebs-snapshot",
"ebs-snapshot"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/filters/age"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/filters/skip-ami-snapshots"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/filters/unused"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/filters/volume"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"age",
"cross-account",
"unused",
"skip-ami-snapshots",
"volume",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ebs-snapshot/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ebs-snapshot/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ebs-snapshot/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/actions/copy"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.ebs-snapshot/actions/set-permissions"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"delete",
"copy",
"set-permissions",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ec2": {
"actions": {
"autorecover-alarm": {
"type": "object",
"properties": {
"type": {
"enum": [
"autorecover-alarm"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"propagate-spot-tags": {
"type": "object",
"properties": {
"type": {
"enum": [
"propagate-spot-tags"
]
},
"only_tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"reboot": {
"type": "object",
"properties": {
"type": {
"enum": [
"reboot"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"resize": {
"type": "object",
"properties": {
"type": {
"enum": [
"resize"
]
},
"restart": {
"type": "boolean"
},
"type-map": {
"type": "object"
},
"default": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"send-command": {
"type": "object",
"properties": {
"type": {
"enum": [
"send-command"
]
},
"command": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"command"
]
},
"set-instance-profile": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-instance-profile"
]
},
"name": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-metadata-access": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-metadata-access"
]
},
"anyOf": [
{
"required": [
"endpoint"
]
},
{
"required": [
"tokens"
]
},
{
"required": [
"metadatatags"
]
},
{
"required": [
"hop-limit"
]
}
],
"endpoint": {
"enum": [
"enabled",
"disabled"
]
},
"tokens": {
"enum": [
"required",
"optional"
]
},
"metadata-tags": {
"enum": [
"enabled",
"disabled"
]
},
"hop-limit": {
"type": "integer",
"minimum": 1,
"maximum": 64
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-monitoring": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-monitoring"
]
},
"state": {
"enum": [
"enable",
"disable"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"snapshot": {
"type": "object",
"properties": {
"type": {
"enum": [
"snapshot"
]
},
"copy-tags": {
"type": "array",
"items": {
"type": "string"
}
},
"copy-volume-tags": {
"type": "boolean"
},
"tags": {
"type": "object"
},
"exclude-boot": {
"type": "boolean",
"default": false
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"start": {
"type": "object",
"properties": {
"type": {
"enum": [
"start"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"stop": {
"type": "object",
"properties": {
"type": {
"enum": [
"stop"
]
},
"terminate-ephemeral": {
"type": "boolean"
},
"hibernate": {
"type": "boolean"
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"terminate": {
"type": "object",
"properties": {
"type": {
"enum": [
"terminate"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"default-vpc": {
"type": "object",
"properties": {
"type": {
"enum": [
"default-vpc"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"ebs": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"ebs"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"operator": {
"enum": [
"and",
"or"
]
},
"skip-devices": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"ephemeral": {
"type": "object",
"properties": {
"type": {
"enum": [
"ephemeral"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"has-specific-managed-policy": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"has-specific-managed-policy"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"image": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"image"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"image-age": {
"type": "object",
"properties": {
"type": {
"enum": [
"image-age"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"instance-age": {
"type": "object",
"properties": {
"type": {
"enum": [
"instance-age"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number"
},
"hours": {
"type": "number"
},
"minutes": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"instance-attribute": {
"type": "object",
"additionalProperties": false,
"required": [
"attribute"
],
"properties": {
"type": {
"enum": [
"instance-attribute"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"attribute": {
"enum": [
"instanceType",
"kernel",
"ramdisk",
"userData",
"disableApiTermination",
"instanceInitiatedShutdownBehavior",
"rootDeviceName",
"blockDeviceMapping",
"productCodes",
"sourceDestCheck",
"groupSet",
"ebsOptimized",
"sriovNetSupport",
"enaSupport"
]
}
}
},
"instance-uptime": {
"type": "object",
"properties": {
"type": {
"enum": [
"instance-uptime"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"offhour": {
"type": "object",
"properties": {
"tag": {
"type": "string"
},
"default_tz": {
"type": "string"
},
"fallback-schedule": {
"type": "string"
},
"fallback_schedule": {
"type": "string"
},
"weekends": {
"type": "boolean"
},
"weekends-only": {
"type": "boolean"
},
"opt-out": {
"type": "boolean"
},
"skip-days": {
"type": "array",
"items": {
"type": "string",
"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}"
}
},
"skip-days-from": {
"type": "object",
"additionalProperties": "False",
"required": [
"url"
],
"properties": {
"url": {
"type": "string"
},
"query": {
"type": "string"
},
"format": {
"enum": [
"csv",
"json",
"txt",
"csv2dict"
]
},
"expr": {
"oneOf": [
{
"type": "integer"
},
{
"type": "string"
}
]
},
"headers": {
"type": "object",
"patternProperties": {
"": {
"type": "string"
}
}
}
}
},
"type": {
"enum": [
"offhour"
]
},
"offhour": {
"type": "integer",
"minimum": 0,
"maximum": 23
},
"state-filter": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"onhour": {
"type": "object",
"properties": {
"tag": {
"type": "string"
},
"default_tz": {
"type": "string"
},
"fallback-schedule": {
"type": "string"
},
"fallback_schedule": {
"type": "string"
},
"weekends": {
"type": "boolean"
},
"weekends-only": {
"type": "boolean"
},
"opt-out": {
"type": "boolean"
},
"skip-days": {
"type": "array",
"items": {
"type": "string",
"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}"
}
},
"skip-days-from": {
"type": "object",
"additionalProperties": "False",
"required": [
"url"
],
"properties": {
"url": {
"type": "string"
},
"query": {
"type": "string"
},
"format": {
"enum": [
"csv",
"json",
"txt",
"csv2dict"
]
},
"expr": {
"oneOf": [
{
"type": "integer"
},
{
"type": "string"
}
]
},
"headers": {
"type": "object",
"patternProperties": {
"": {
"type": "string"
}
}
}
}
},
"type": {
"enum": [
"onhour"
]
},
"onhour": {
"type": "integer",
"minimum": 0,
"maximum": 23
},
"state-filter": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"singleton": {
"type": "object",
"properties": {
"type": {
"enum": [
"singleton"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"ssm": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"ssm"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"ssm-compliance": {
"type": "object",
"properties": {
"type": {
"enum": [
"ssm-compliance"
]
},
"compliance_types": {
"type": "array",
"items": {
"type": "string"
}
},
"severity": {
"type": "array",
"items": {
"type": "string"
}
},
"op": {
"enum": [
"or",
"and"
]
},
"eval_filters": {
"type": "array",
"items": {
"oneOf": [
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/value"
}
]
}
},
"states": {
"type": "array",
"default": [
"NON_COMPLIANT"
],
"items": {
"enum": [
"COMPLIANT",
"NON_COMPLIANT"
]
}
}
},
"additionalProperties": false,
"required": [
"compliance_types",
"type"
]
},
"ssm-inventory": {
"type": "object",
"properties": {
"type": {
"enum": [
"ssm-inventory"
]
},
"query": {
"type": "array",
"items": {
"type": "object",
"properties": {
"Key": {
"type": "string"
},
"Values": {
"type": "array",
"items": {
"type": "string"
}
},
"Type": {
"enum": [
"Equal",
"NotEqual",
"BeginWith",
"LessThan",
"GreaterThan",
"Exists"
]
}
},
"required": [
"Key",
"Values"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"state-age": {
"type": "object",
"properties": {
"type": {
"enum": [
"state-age"
]
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"days": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"stop-protected": {
"type": "object",
"properties": {
"type": {
"enum": [
"stop-protected"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"termination-protected": {
"type": "object",
"properties": {
"type": {
"enum": [
"termination-protected"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"user-data": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"user-data"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ec2",
"ec2"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.check-permissions"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/aws.cost-optimization"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/default-vpc"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/ebs"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/ephemeral"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/has-specific-managed-policy"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/image"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/image-age"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/instance-age"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/instance-attribute"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/instance-uptime"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/offhour"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/onhour"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/singleton"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/ssm"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/ssm-compliance"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/ssm-inventory"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/state-age"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/stop-protected"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/termination-protected"
},
{
"$ref": "#/definitions/resources/aws.ec2/filters/user-data"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"tag-count",
"security-group",
"subnet",
"vpc",
"check-permissions",
"state-age",
"ebs",
"stop-protected",
"termination-protected",
"image-age",
"image",
"offhour",
"network-location",
"onhour",
"ephemeral",
"instance-uptime",
"instance-age",
"default-vpc",
"user-data",
"singleton",
"ssm",
"ssm-inventory",
"ssm-compliance",
"instance-attribute",
"has-specific-managed-policy",
"config-compliance",
"cost-optimization",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ec2/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ec2/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ec2/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/autorecover-alarm"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.modify-security-groups"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/propagate-spot-tags"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/reboot"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/resize"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/send-command"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/set-instance-profile"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/set-metadata-access"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/set-monitoring"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/snapshot"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/start"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/stop"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/resources/aws.ec2/actions/terminate"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"set-monitoring",
"set-metadata-access",
"post-finding",
"start",
"resize",
"stop",
"reboot",
"terminate",
"snapshot",
"modify-security-groups",
"autorecover-alarm",
"set-instance-profile",
"propagate-spot-tags",
"send-command",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ec2-capacity-reservation": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ec2-capacity-reservation",
"ec2-capacity-reservation"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ec2-capacity-reservation/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ec2-capacity-reservation/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ec2-capacity-reservation/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ec2-host": {
"actions": {},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ec2-host",
"ec2-host"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ec2-host/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ec2-host/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ec2-host/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ec2-host/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ec2-reserved": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ec2-reserved",
"ec2-reserved"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ec2-reserved/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ec2-reserved/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ec2-reserved/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ec2-spot-fleet-request": {
"actions": {
"resize": {
"type": "object",
"properties": {
"type": {
"enum": [
"resize"
]
},
"min-capacity": {
"type": "integer",
"minimum": 0
},
"max-capacity": {
"type": "integer",
"minimum": 0
},
"desired": {
"anyOf": [
{
"enum": [
"current"
]
},
{
"type": "integer",
"minimum": 0
}
]
},
"save-options-tag": {
"type": "string"
},
"restore-options-tag": {
"type": "string"
},
"suspend-scaling": {
"type": "boolean"
},
"restore-scaling": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ec2-spot-fleet-request",
"ec2-spot-fleet-request"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ec2-spot-fleet-request/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.offhour"
},
{
"$ref": "#/definitions/filters/aws.onhour"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"offhour",
"onhour",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ec2-spot-fleet-request/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ec2-spot-fleet-request/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ec2-spot-fleet-request/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.ec2-spot-fleet-request/actions/resize"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"resize",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecr": {
"actions": {
"remove-statements": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-statements"
]
},
"statement_ids": {
"oneOf": [
{
"enum": [
"matched",
"*"
]
},
{
"type": "array",
"items": {
"type": "string"
}
}
]
}
},
"additionalProperties": false,
"required": [
"statement_ids",
"type"
]
},
"set-immutability": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-immutability"
]
},
"state": {
"type": "boolean",
"default": true
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-lifecycle": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-lifecycle"
]
},
"state": {
"type": "boolean"
},
"rules": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"rulePriority",
"action",
"selection"
],
"properties": {
"rulePriority": {
"type": "integer"
},
"description": {
"type": "string"
},
"action": {
"type": "object",
"required": [
"type"
],
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"expire"
]
}
}
},
"selection": {
"type": "object",
"addtionalProperties": false,
"required": [
"countType",
"countNumber",
"tagStatus"
],
"properties": {
"tagStatus": {
"enum": [
"tagged",
"untagged",
"any"
]
},
"tagPrefixList": {
"type": "array",
"items": {
"type": "string"
}
},
"countNumber": {
"type": "integer"
},
"countUnit": {
"enum": [
"hours",
"days"
]
},
"countType": {
"enum": [
"imageCountMoreThan",
"sinceImagePushed"
]
}
}
}
}
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-scanning": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-scanning"
]
},
"state": {
"type": "boolean",
"default": true
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"lifecycle-rule": {
"type": "object",
"properties": {
"type": {
"enum": [
"lifecycle-rule"
]
},
"state": {
"type": "boolean"
},
"match": {
"type": "array",
"items": {
"oneOf": [
{
"$ref": "#/definitions/filters/value"
},
{
"type": "object",
"minProperties": 1,
"maxProperties": 1
}
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecr",
"ecr"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.ecr/filters/cross-account"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ecr/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.ecr/filters/lifecycle-rule"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"cross-account",
"lifecycle-rule",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecr/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecr/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecr/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.modify-ecr-policy"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.ecr/actions/remove-statements"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.ecr/actions/set-immutability"
},
{
"$ref": "#/definitions/resources/aws.ecr/actions/set-lifecycle"
},
{
"$ref": "#/definitions/resources/aws.ecr/actions/set-scanning"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"modify-ecr-policy",
"tag",
"set-scanning",
"set-immutability",
"remove-tag",
"mark-for-op",
"set-lifecycle",
"remove-statements",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecr-image": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecr-image",
"ecr-image"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecr-image/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecr-image/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecr-image/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.modify-ecr-policy"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"modify-ecr-policy",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecs": {
"actions": {},
"filters": {
"ebs-storage": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"ebs-storage"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"or",
"and"
]
}
}
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecs",
"ecs"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.ecs/filters/ebs-storage"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ecs/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"ebs-storage",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecs/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecs-container-instance": {
"actions": {
"set-state": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-state"
]
},
"state": {
"type": "string",
"enum": [
"DRAINING",
"ACTIVE"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-agent": {
"type": "object",
"properties": {
"type": {
"enum": [
"update-agent"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"taggable": {
"type": "object",
"properties": {
"type": {
"enum": [
"taggable"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecs-container-instance",
"ecs-container-instance"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/resources/aws.ecs-container-instance/filters/taggable"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"subnet",
"taggable",
"marked-for-op",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecs-container-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecs-container-instance/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecs-container-instance/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-container-instance/actions/set-state"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-container-instance/actions/update-agent"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"set-state",
"update-agent",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecs-service": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify": {
"type": "object",
"properties": {
"type": {
"enum": [
"modify"
]
},
"update": {
"desiredCount": {
"type": "integer"
},
"taskDefinition": {
"type": "string"
},
"deploymentConfiguration": {
"type": "object",
"properties": {
"maximumPercent": {
"type": "integer"
},
"minimumHealthyPercent": {
"type": "integer"
}
}
},
"networkConfiguration": {
"type": "object",
"properties": {
"awsvpcConfiguration": {
"type": "object",
"properties": {
"subnets": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"securityGroups": {
"items": {
"type": "string"
}
},
"assignPublicIp": {
"type": "string",
"enum": [
"ENABLED",
"DISABLED"
]
}
}
}
}
},
"platformVersion": {
"type": "string"
},
"forceNewDeployment": {
"type": "boolean",
"default": false
},
"healthCheckGracePeriodSeconds": {
"type": "integer"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify-definition": {
"type": "object",
"properties": {
"type": {
"enum": [
"modify-definition"
]
},
"properties": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"resize": {
"type": "object",
"properties": {
"type": {
"enum": [
"resize"
]
},
"min-capacity": {
"type": "integer",
"minimum": 0
},
"max-capacity": {
"type": "integer",
"minimum": 0
},
"desired": {
"anyOf": [
{
"enum": [
"current"
]
},
{
"type": "integer",
"minimum": 0
}
]
},
"save-options-tag": {
"type": "string"
},
"restore-options-tag": {
"type": "string"
},
"suspend-scaling": {
"type": "boolean"
},
"restore-scaling": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"taggable": {
"type": "object",
"properties": {
"type": {
"enum": [
"taggable"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"task-definition": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"task-definition"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecs-service",
"ecs-service"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/aws.cost-optimization"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.offhour"
},
{
"$ref": "#/definitions/filters/aws.onhour"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/filters/taggable"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/filters/task-definition"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"task-definition",
"subnet",
"security-group",
"network-location",
"taggable",
"marked-for-op",
"offhour",
"onhour",
"config-compliance",
"cost-optimization",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecs-service/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecs-service/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecs-service/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/actions/modify"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/actions/modify-definition"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-service/actions/resize"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"modify-definition",
"modify",
"delete",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"resize",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecs-task": {
"actions": {
"stop": {
"type": "object",
"properties": {
"type": {
"enum": [
"stop"
]
},
"reason": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"taggable": {
"type": "object",
"properties": {
"type": {
"enum": [
"taggable"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"task-definition": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"task-definition"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecs-task",
"ecs-task"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/resources/aws.ecs-task/filters/taggable"
},
{
"$ref": "#/definitions/resources/aws.ecs-task/filters/task-definition"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"subnet",
"security-group",
"network-location",
"task-definition",
"taggable",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecs-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecs-task/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecs-task/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-task/actions/stop"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"stop",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.ecs-task-definition": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.ecs-task-definition",
"ecs-task-definition"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.ecs-task-definition/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.ecs-task-definition/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.ecs-task-definition/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.ecs-task-definition/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.ecs-task-definition/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"tag",
"remove-tag",
"mark-for-op",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.efs": {
"actions": {
"configure-lifecycle-policy": {
"type": "object",
"properties": {
"type": {
"enum": [
"configure-lifecycle-policy"
]
},
"state": {
"enum": [
"enable",
"disable"
]
},
"rules": {
"type": "array",
"items": {
"type": "object"
}
}
},
"additionalProperties": false,
"required": [
"state",
"type"
]
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"check-secure-transport": {
"type": "object",
"properties": {
"type": {
"enum": [
"check-secure-transport"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"consecutive-aws-backups": {
"type": "object",
"properties": {
"type": {
"enum": [
"consecutive-aws-backups"
]
},
"count": {
"type": "number",
"minimum": 1
},
"period": {
"enum": [
"hours",
"days",
"weeks"
]
},
"status": {
"enum": [
"COMPLETED",
"PARTIAL",
"DELETING",
"EXPIRED"
]
}
},
"additionalProperties": false,
"required": [
"count",
"period",
"status",
"type"
]
},
"has-statement": {
"type": "object",
"properties": {
"type": {
"enum": [
"has-statement"
]
},
"statement_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"statements": {
"type": "array",
"items": {
"type": "object",
"properties": {
"Sid": {
"type": "string"
},
"Effect": {
"type": "string",
"enum": [
"Allow",
"Deny"
]
},
"Principal": {
"anyOf": [
{
"type": "string"
},
{
"type": "object"
},
{
"type": "array"
}
]
},
"NotPrincipal": {
"anyOf": [
{
"type": "object"
},
{
"type": "array"
}
]
},
"Action": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotAction": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Resource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotResource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Condition": {
"type": "object"
}
},
"required": [
"Effect"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
},
"lifecycle-policy": {
"type": "object",
"properties": {
"type": {
"enum": [
"lifecycle-policy"
]
},
"state": {
"enum": [
"present",
"absent"
]
},
"value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"state",
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.efs",
"efs"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.efs/filters/check-secure-transport"
},
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.efs/filters/consecutive-aws-backups"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.efs/filters/has-statement"
},
{
"$ref": "#/definitions/filters/aws.health-event"
},
{
"$ref": "#/definitions/resources/aws.efs/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.efs/filters/kms-key"
},
{
"$ref": "#/definitions/resources/aws.efs/filters/lifecycle-policy"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"tag-count",
"kms-key",
"lifecycle-policy",
"check-secure-transport",
"has-statement",
"consecutive-aws-backups",
"config-compliance",
"health-event",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.efs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.efs/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.efs/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/resources/aws.efs/actions/configure-lifecycle-policy"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.efs/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.efs/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark",
"tag",
"auto-tag-user",
"mark-for-op",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"delete",
"configure-lifecycle-policy",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.efs-mount-target": {
"actions": {},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.efs-mount-target",
"efs-mount-target"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"subnet",
"security-group",
"network-location",
"config-compliance",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.efs-mount-target/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.efs-mount-target/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.efs-mount-target/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.eks": {
"actions": {
"associate-encryption-config": {
"type": "object",
"additionalProperties": false,
"properties": {
"type": {
"enum": [
"associate-encryption-config"
]
},
"encryptionConfig": {
"type": "array",
"properties": {
"type": "object",
"properties": {
"provider": {
"type": "object",
"properties": {
"keyArn": {
"type": "string"
}
}
},
"resources": {
"type": "array",
"properties": {
"enum": "secrets"
}
}
}
}
}
}
},
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"update-config": {
"type": "object",
"additionalProperties": false,
"oneOf": [
{
"required": [
"type",
"logging"
]
},
{
"required": [
"type",
"resourcesVpcConfig"
]
},
{
"required": [
"type",
"logging",
"resourcesVpcConfig"
]
}
],
"properties": {
"type": {
"enum": [
"update-config"
]
},
"logging": {
"type": "object"
},
"resourcesVpcConfig": {
"type": "object"
}
}
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.eks",
"eks"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.eks/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.eks/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.network-location"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"subnet",
"security-group",
"network-location",
"vpc",
"kms-key",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.eks/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.eks/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.eks/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.eks/actions/associate-encryption-config"
},
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.eks/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.eks/actions/update-config"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"mark-for-op",
"remove-tag",
"update-config",
"associate-encryption-config",
"delete",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.eks-nodegroup": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.eks-nodegroup",
"eks-nodegroup"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.eks-nodegroup/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.eks-nodegroup/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.eks-nodegroup/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/resources/aws.eks-nodegroup/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elastic-ip": {
"actions": {
"disassociate": {
"type": "object",
"properties": {
"type": {
"enum": [
"disassociate"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"release": {
"type": "object",
"properties": {
"type": {
"enum": [
"release"
]
},
"force": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"set-shield": {
"type": "object",
"properties": {
"type": {
"enum": [
"set-shield"
]
},
"state": {
"type": "boolean"
},
"sync": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"shield-enabled": {
"type": "object",
"properties": {
"type": {
"enum": [
"shield-enabled"
]
},
"state": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elastic-ip",
"aws.network-addr",
"network-addr",
"elastic-ip"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.elastic-ip/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/resources/aws.elastic-ip/filters/shield-enabled"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"tag-count",
"shield-enabled",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elastic-ip/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elastic-ip/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elastic-ip/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.elastic-ip/actions/disassociate"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.normalize-tag"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/resources/aws.elastic-ip/actions/release"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.rename-tag"
},
{
"$ref": "#/definitions/resources/aws.elastic-ip/actions/set-shield"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.tag-trim"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"auto-tag-user",
"mark-for-op",
"tag-trim",
"mark",
"tag",
"unmark",
"untag",
"remove-tag",
"rename-tag",
"normalize-tag",
"set-shield",
"release",
"disassociate",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elasticache-group": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
},
"snapshot": {
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elasticache-group",
"elasticache-group"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.elasticache-group/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"kms-key",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elasticache-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elasticache-group/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elasticache-group/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.elasticache-group/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.elasticache-group/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elasticache-user": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"modify": {
"type": "object",
"properties": {
"type": {
"enum": [
"modify"
]
},
"attributes": {
"type:": "object"
}
},
"additionalProperties": false,
"required": [
"attributes"
]
},
"rename-tag": {
"type": "object",
"properties": {
"type": {
"enum": [
"rename-tag"
]
},
"old_keys": {
"type": "array",
"items": {
"type": "string"
}
},
"old_key": {
"type": "string"
},
"new_key": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elasticache-user",
"elasticache-user"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"marked-for-op",
"config-compliance",
"finding",
"ops-item"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elasticache-user/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elasticache-user/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elasticache-user/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/resources/aws.elasticache-user/actions/delete"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/resources/aws.elasticache-user/actions/modify"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/resources/aws.elasticache-user/actions/rename-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"tag",
"auto-tag-user",
"mark-for-op",
"remove-tag",
"rename-tag",
"delete",
"modify",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elasticbeanstalk": {
"actions": {},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elasticbeanstalk",
"elasticbeanstalk"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.elasticbeanstalk/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"invoke-lambda",
"put-metric",
"notify",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elasticbeanstalk-environment": {
"actions": {
"terminate": {
"type": "object",
"properties": {
"type": {
"enum": [
"terminate"
]
},
"force": {
"type": "boolean",
"default": false
},
"terminate_resources": {
"type": "boolean",
"default": true
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"filters": {
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elasticbeanstalk-environment",
"elasticbeanstalk-environment"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.elasticbeanstalk-environment/filters/json-diff"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.tag-count"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"tag-count",
"marked-for-op",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk-environment/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk-environment/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elasticbeanstalk-environment/policy/allOf/1/properties/filters"
}
}
}
]
}
},
"actions": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/actions/aws.auto-tag-user"
},
{
"$ref": "#/definitions/actions/aws.copy-related-tag"
},
{
"$ref": "#/definitions/actions/aws.invoke-lambda"
},
{
"$ref": "#/definitions/actions/aws.invoke-sfn"
},
{
"$ref": "#/definitions/actions/aws.mark-for-op"
},
{
"$ref": "#/definitions/actions/aws.notify"
},
{
"$ref": "#/definitions/actions/aws.post-finding"
},
{
"$ref": "#/definitions/actions/aws.post-item"
},
{
"$ref": "#/definitions/actions/aws.put-metric"
},
{
"$ref": "#/definitions/actions/aws.remove-tag"
},
{
"$ref": "#/definitions/actions/aws.tag"
},
{
"$ref": "#/definitions/resources/aws.elasticbeanstalk-environment/actions/terminate"
},
{
"$ref": "#/definitions/actions/aws.webhook"
},
{
"enum": [
"webhook",
"mark-for-op",
"tag",
"remove-tag",
"terminate",
"auto-tag-user",
"invoke-lambda",
"put-metric",
"notify",
"copy-related-tag",
"post-finding",
"invoke-sfn",
"post-item"
]
}
]
}
}
}
}
]
}
},
"aws.elasticsearch": {
"actions": {
"delete": {
"type": "object",
"properties": {
"type": {
"enum": [
"delete"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"enable-auditlog": {
"type": "object",
"properties": {
"type": {
"enum": [
"enable-auditlog"
]
},
"state": {
"type": "boolean"
},
"loggroup_prefix": {
"type": "string"
},
"delay": {
"type": "number"
}
},
"additionalProperties": false,
"required": [
"state",
"type"
]
},
"remove-matched-source-ips": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-matched-source-ips"
]
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"remove-statements": {
"type": "object",
"properties": {
"type": {
"enum": [
"remove-statements"
]
},
"statement_ids": {
"oneOf": [
{
"enum": [
"matched",
"*"
]
},
{
"type": "array",
"items": {
"type": "string"
}
}
]
}
},
"additionalProperties": false,
"required": [
"statement_ids",
"type"
]
},
"update-tls-config": {
"type": "object",
"properties": {
"type": {
"enum": [
"update-tls-config"
]
},
"value": {
"type": "string",
"enum": [
"Policy-Min-TLS-1-0-2019-07",
"Policy-Min-TLS-1-2-2019-07",
"Policy-Min-TLS-1-2-PFS-2023-10"
]
}
},
"additionalProperties": false,
"required": [
"value",
"type"
]
}
},
"filters": {
"cross-account": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-account"
]
},
"actions": {
"type": "array",
"items": {
"type": "string"
}
},
"everyone_only": {
"type": "boolean"
},
"whitelist_conditions": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_orgids_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_orgids": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpce_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpce": {
"type": "array",
"items": {
"type": "string"
}
},
"whitelist_vpc_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"whitelist_vpc": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"cross-cluster": {
"type": "object",
"properties": {
"type": {
"enum": [
"cross-cluster"
]
},
"inbound": {
"type": "object",
"additionalProperties": false,
"required": [
"key",
"value"
],
"properties": {
"type": {
"enum": [
"inbound"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
},
"outbound": {
"type": "object",
"additionalProperties": false,
"required": [
"key",
"value"
],
"properties": {
"type": {
"enum": [
"outbound"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"has-statement": {
"type": "object",
"properties": {
"type": {
"enum": [
"has-statement"
]
},
"statement_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"statements": {
"type": "array",
"items": {
"type": "object",
"properties": {
"Sid": {
"type": "string"
},
"Effect": {
"type": "string",
"enum": [
"Allow",
"Deny"
]
},
"Principal": {
"anyOf": [
{
"type": "string"
},
{
"type": "object"
},
{
"type": "array"
}
]
},
"NotPrincipal": {
"anyOf": [
{
"type": "object"
},
{
"type": "array"
}
]
},
"Action": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotAction": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Resource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"NotResource": {
"anyOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Condition": {
"type": "object"
}
},
"required": [
"Effect"
]
}
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"json-diff": {
"type": "object",
"properties": {
"type": {
"enum": [
"json-diff"
]
},
"selector": {
"enum": [
"previous",
"date",
"locked"
]
},
"selector_value": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"type"
]
},
"kms-key": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"kms-key"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
},
"match-resource": {
"type": "boolean"
},
"operator": {
"enum": [
"and",
"or"
]
}
}
},
"source-ip": {
"type": "object",
"additionalProperties": false,
"required": [
"type"
],
"properties": {
"type": {
"enum": [
"source-ip"
]
},
"key": {
"type": "string"
},
"value_type": {
"$ref": "#/definitions/filters_common/value_types"
},
"default": {
"type": "object"
},
"value_regex": {
"type": "string"
},
"value_from": {
"$ref": "#/definitions/filters_common/value_from"
},
"value": {
"$ref": "#/definitions/filters_common/value"
},
"op": {
"$ref": "#/definitions/filters_common/comparison_operators"
},
"value_path": {
"type": "string"
}
}
}
},
"policy": {
"allOf": [
{
"$ref": "#/definitions/policy"
},
{
"properties": {
"resource": {
"enum": [
"aws.elasticsearch",
"elasticsearch"
]
},
"filters": {
"type": "array",
"items": {
"anyOf": [
{
"$ref": "#/definitions/filters/aws.config-compliance"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/cross-account"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/cross-cluster"
},
{
"$ref": "#/definitions/filters/event"
},
{
"$ref": "#/definitions/filters/aws.finding"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/has-statement"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/json-diff"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/kms-key"
},
{
"$ref": "#/definitions/filters/aws.list-item"
},
{
"$ref": "#/definitions/filters/aws.marked-for-op"
},
{
"$ref": "#/definitions/filters/aws.metrics"
},
{
"$ref": "#/definitions/filters/aws.ops-item"
},
{
"$ref": "#/definitions/filters/aws.reduce"
},
{
"$ref": "#/definitions/filters/aws.security-group"
},
{
"$ref": "#/definitions/resources/aws.elasticsearch/filters/source-ip"
},
{
"$ref": "#/definitions/filters/aws.subnet"
},
{
"$ref": "#/definitions/filters/value"
},
{
"$ref": "#/definitions/filters/valuekv"
},
{
"$ref": "#/definitions/filters/aws.vpc"
},
{
"enum": [
"value",
"or",
"and",
"not",
"event",
"reduce",
"list-item",
"metrics",
"marked-for-op",
"subnet",
"security-group",
"vpc",
"kms-key",
"cross-account",
"cross-cluster",
"has-statement",
"source-ip",
"config-compliance",
"finding",
"ops-item",
"json-diff"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"or": {
"$ref": "#/definitions/resources/aws.elasticsearch/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"and": {
"$ref": "#/definitions/resources/aws.elasticsearch/policy/allOf/1/properties/filters"
}
}
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"not": {
"$ref": "#/definitions/resources/aws.elasticsearch/policy/allOf/1/properties/filters"
}
}
}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment