rules
Creates, updates, deletes or gets a rule resource or lists rules in a region
Overview
| Name | rules |
| Type | Resource |
| Description | Resource Type definition for AWS::Rbin::Rule |
| Id | awscc.rbin.rules |
Fields
get (all properties):

| Name | Datatype | Description |
|---|---|---|
| arn | string | Rule Arn is unique for each rule. |
| identifier | string | The unique ID of the retention rule. |
| description | string | The description of the retention rule. |
| resource_tags | array | Information about the resource tags used to identify resources that are retained by the retention rule. |
| exclude_resource_tags | array | Information about the exclude resource tags used to identify resources that are excluded by the retention rule. |
| resource_type | string | The resource type retained by the retention rule. |
| tags | array | Information about the tags assigned to the retention rule. |
| retention_period | object | Information about the retention period for which the retention rule is to retain resources. |
| status | string | The state of the retention rule. Only retention rules that are in the available state retain resources. |
| lock_configuration | object | Information about the retention rule lock configuration. |
| lock_state | string | The lock state for the retention rule. |
| region | string | AWS region. |

list (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| arn | string | Rule Arn is unique for each rule. |
| region | string | AWS region. |

For more information, see AWS::Rbin::Rule.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | rules | INSERT | RetentionPeriod, ResourceType, region |
| delete_resource | rules | DELETE | Identifier, region |
| update_resource | rules | UPDATE | Identifier, PatchDocument, region |
| list_resources | rules_list_only | SELECT | region |
| get_resource | rules | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual rule.

```sql
SELECT
  region,
  arn,
  identifier,
  description,
  resource_tags,
  exclude_resource_tags,
  resource_type,
  tags,
  retention_period,
  status,
  lock_configuration,
  lock_state
FROM awscc.rbin.rules
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ arn }}';
```

Lists all rules in a region.

```sql
SELECT
  region,
  arn
FROM awscc.rbin.rules_list_only
WHERE
  region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new rule resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.rbin.rules (
  ResourceType,
  RetentionPeriod,
  region
)
SELECT
  '{{ resource_type }}',
  '{{ retention_period }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.rbin.rules (
  Description,
  ResourceTags,
  ExcludeResourceTags,
  ResourceType,
  Tags,
  RetentionPeriod,
  Status,
  LockConfiguration,
  region
)
SELECT
  '{{ description }}',
  '{{ resource_tags }}',
  '{{ exclude_resource_tags }}',
  '{{ resource_type }}',
  '{{ tags }}',
  '{{ retention_period }}',
  '{{ status }}',
  '{{ lock_configuration }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: rule
    props:
      - name: description
        value: '{{ description }}'
      - name: resource_tags
        value:
          - resource_tag_key: '{{ resource_tag_key }}'
            resource_tag_value: '{{ resource_tag_value }}'
      - name: exclude_resource_tags
        value:
          - null
      - name: resource_type
        value: '{{ resource_type }}'
      - name: tags
        value:
          - key: '{{ key }}'
            value: '{{ value }}'
      - name: retention_period
        value:
          retention_period_value: '{{ retention_period_value }}'
          retention_period_unit: '{{ retention_period_unit }}'
      - name: status
        value: '{{ status }}'
      - name: lock_configuration
        value:
          unlock_delay_value: '{{ unlock_delay_value }}'
          unlock_delay_unit: '{{ unlock_delay_unit }}'
```
UPDATE example
Use the following StackQL query and manifest file to update a rule resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.rbin.rules
SET PatchDocument = string('{{ {
  "Description": description,
  "ResourceTags": resource_tags,
  "ExcludeResourceTags": exclude_resource_tags,
  "Tags": tags,
  "RetentionPeriod": retention_period,
  "Status": status,
  "LockConfiguration": lock_configuration
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ arn }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.rbin.rules
WHERE
  Identifier = '{{ arn }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the rules resource, the following permissions are required:
| Operation | Required permissions |
|---|---|
| Create | rbin:CreateRule, rbin:GetRule, rbin:LockRule, rbin:TagResource, iam:PassRole |
| Read | rbin:GetRule, rbin:ListTagsForResource, iam:PassRole |
| Update | rbin:GetRule, rbin:UpdateRule, rbin:LockRule, rbin:UnlockRule, rbin:TagResource, rbin:UntagResource, rbin:ListTagsForResource, iam:PassRole |
| Delete | rbin:GetRule, rbin:DeleteRule, iam:PassRole |
| List | rbin:ListRules, rbin:ListTagsForResource, iam:PassRole |