Policy types for @turbot/aws-docdb

AWS > Doc DB > Approved Regions [Default]

A list of AWS regions in which AWS Doc DB resources are approved for use.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

This policy is the default value for all AWS Doc DB resources' Approved > Regions policies.

URI
tmod:@turbot/aws-docdb#/policy/types/docDbApprovedRegionsDefault

AWS > Doc DB > DB Cluster > Active

Determine the action to take for an AWS DocDB db cluster, based on the AWS > DocDB > DB Cluster > Active > * policies.

The control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterActive
Valid Value
[
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
],
"example": [
"Check: Active"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Active > Age

The age after which the AWS DocDB db cluster is no longer considered active. If a create time is unavailable, the time Turbot discovered the resource is used.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterActiveAge
Valid Value
[
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
],
"example": [
"Force inactive if age > 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Active > Budget

The impact of the budget state on the active control. This policy allows you to force dbClusters to inactive based on the current budget state, as reflected in AWS > Account > Budget > State.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterActiveBudget
Valid Value
[
"Skip",
"Force inactive if Budget > State is Over or higher",
"Force inactive if Budget > State is Critical or higher",
"Force inactive if Budget > State is Shutdown"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Force inactive if Budget > State is Over or higher",
"Force inactive if Budget > State is Critical or higher",
"Force inactive if Budget > State is Shutdown"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Active > Last Modified

The number of days since the AWS DocDB db cluster was last modified before it is considered inactive.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterActiveLastModified
Valid Value
[
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
],
"example": [
"Active if last modified <= 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Approved

Determine the action to take when an AWS DocDB db cluster is not approved based on AWS > DocDB > DB Cluster > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterApproved
Valid Value
[
"Skip",
"Check: Approved",
"Enforce: Snapshot and delete unapproved if new",
"Enforce: Delete unapproved if new"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Approved",
"Enforce: Snapshot and delete unapproved if new",
"Enforce: Delete unapproved if new"
],
"example": [
"Check: Approved"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Approved > Budget

The policy allows you to set db clusters to unapproved based on the current budget state, as reflected in AWS > Account > Budget > State.

This policy will be evaluated by the Approved control. If an AWS DocDB db cluster is not matched by the approved list, it will be subject to the action specified in the AWS > DocDB > DB Cluster > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterApprovedBudget
Valid Value
[
"Skip",
"Unapproved if Budget > State is Over or higher",
"Unapproved if Budget > State is Critical or higher",
"Unapproved if Budget > State is Shutdown"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Unapproved if Budget > State is Over or higher",
"Unapproved if Budget > State is Critical or higher",
"Unapproved if Budget > State is Shutdown"
],
"example": [
"Unapproved if Budget > State is Shutdown"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Approved > Regions

A list of AWS regions in which AWS DocDB db clusters are approved for use.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

This policy will be evaluated by the Approved control. If an AWS DocDB db cluster is created in a region that is not in the approved list, it will be subject to the action specified in the AWS > DocDB > DB Cluster > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterApprovedRegions
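
The following is an added example, not Turbot's own code: it evaluates a region list with '*' and '?' wildcards and applies the "any unapproved means unapproved" rule of the Approved control, next to the general "any active means active" rule of the Active control. The settings keys, the rds_enabled flag, the cluster ids and the "skipped" fallback are assumptions, and the "Force ..." values are not modelled.

```python
import re

# Valid values copied from the page for AWS > Doc DB > DB Cluster > Approved.
APPROVED_ACTIONS = [
    "Skip",
    "Check: Approved",
    "Enforce: Snapshot and delete unapproved if new",
    "Enforce: Delete unapproved if new",
]


def region_regex(pattern):
    """Compile a region pattern where only '*' and '?' are wildcards."""
    out = []
    for ch in pattern:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out))


def region_status(region, approved_regions):
    """Approved > Regions: the region must fully match one listed pattern."""
    hit = any(region_regex(p).fullmatch(region) for p in approved_regions)
    return "approved" if hit else "unapproved"


def usage_status(usage_value, rds_enabled):
    """Approved > Usage. rds_enabled stands in for AWS > RDS > Enabled (assumption)."""
    if usage_value == "Approved":
        return "approved"
    if usage_value == "Approved if AWS > RDS > Enabled":
        return "approved" if rds_enabled else "unapproved"
    if usage_value == "Not approved":
        return "unapproved"
    raise ValueError("not a valid Approved > Usage value: %r" % usage_value)


def approved_result(statuses):
    """Approved: unapproved for any reason means unapproved."""
    return "unapproved" if "unapproved" in list(statuses) else "approved"


def active_result(statuses):
    """Active (general rule): active for any reason means active.
    Returning 'skipped' when nothing voted is an assumption of this sketch."""
    statuses = list(statuses)
    if "active" in statuses:
        return "active"
    if "inactive" in statuses:
        return "inactive"
    return "skipped"


def evaluate_cluster(cluster, settings):
    """Return the Approved outcome for one cluster under the given settings."""
    action = settings["approved"]
    if action not in APPROVED_ACTIONS:
        raise ValueError("not a valid Approved value: %r" % action)
    if action == "Skip":
        return {"cluster": cluster["id"], "result": "skipped",
                "reasons": [], "action": None}
    statuses = {
        "Regions": region_status(cluster["region"], settings["approved_regions"]),
        "Usage": usage_status(settings["approved_usage"], settings["rds_enabled"]),
    }
    result = approved_result(statuses.values())
    reasons = sorted(k for k, v in statuses.items() if v == "unapproved")
    return {"cluster": cluster["id"], "result": result, "reasons": reasons,
            "action": action if result == "unapproved" else None}


# Constructed sample settings and inventory (not from the page).
SETTINGS = {
    "approved": "Check: Approved",
    "approved_regions": ["us-east-?", "eu-west-1"],
    "approved_usage": "Approved if AWS > RDS > Enabled",
    "rds_enabled": True,
}
CLUSTERS = [
    {"id": "docdb-a", "region": "us-east-1"},
    {"id": "docdb-b", "region": "us-west-2"},
    {"id": "docdb-c", "region": "eu-west-1"},
]


def report():
    return [evaluate_cluster(c, SETTINGS) for c in CLUSTERS]


if __name__ == "__main__":
    for row in report():
        print(row)
```

A pattern of "*" alone matches every region, so review any approved list that contains it before switching the Approved policy to an Enforce value.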

AWS > Doc DB > DB Cluster > Approved > Usage

Determine whether the AWS DocDB db cluster is allowed to exist.

This policy will be evaluated by the Approved control. If an AWS DocDB db cluster is not approved, it will be subject to the action specified in the AWS > DocDB > DB Cluster > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterApprovedUsage
Valid Value
[
"Not approved",
"Approved",
"Approved if AWS > RDS > Enabled"
]
Schema
{
"type": "string",
"enum": [
"Not approved",
"Approved",
"Approved if AWS > RDS > Enabled"
],
"example": [
"Not approved"
],
"default": "Approved if AWS > RDS > Enabled"
}

AWS > Doc DB > DB Cluster > CMDB

Configure whether to record and synchronize details for the AWS Doc DB db cluster into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB. All policies and controls in Turbot are based around the resource, so usually the CMDB policy is set to "Enforce: Enabled".

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > Doc DB > DB Cluster > Regions policy, the CMDB control will delete the resource from the CMDB.

(Note: Setting CMDB to "Skip" will also pause these changes.)

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterCmdb
Category
Valid Value
[
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
],
"example": [
"Skip"
],
"default": "Enforce: Enabled"
}

AWS > Doc DB > DB Cluster > Regions

A list of AWS regions in which AWS Doc DB db clusters are supported for use.

Any dbCluster in a region not listed here will not be recorded in CMDB.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterRegions

AWS > Doc DB > DB Cluster > Tags

Determine the action to take when AWS Doc DB db cluster tags are not updated based on the AWS > Doc DB > DB Cluster > Tags > * policies.

The control ensures that AWS Doc DB db cluster tags include the tags defined in AWS > Doc DB > DB Cluster > Tags > Template.

Tags not defined in DB Cluster Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterTags
Valid Value
[
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
],
"example": [
"Check: Tags are correct"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Tags > Template

The template is used to generate the tag keys and values for an AWS Doc DB db cluster.

Tags not defined in DB Cluster Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterTagsTemplate

AWS > Doc DB > DB Cluster > Usage

Configure the number of AWS Doc DB db clusters that can be used for this region and the current consumption against the limit.

You can configure the behavior of the control with this AWS > Doc DB > DB Cluster > Usage policy.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterUsage
Valid Value
[
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
],
"example": [
"Check: Usage <= 85% of Limit"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster > Usage > Limit

Maximum number of items that can be created for this region.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterUsageLimit
Schema
{
"type": "integer",
"minimum": 0,
"default": 40
}

AWS > Doc DB > DB Cluster Parameter Group > Active

Determine the action to take for an AWS DocDB db cluster parameter group, based on the AWS > DocDB > DB Cluster Parameter Group > Active > * policies.

The control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster Parameter Group > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupActive
Valid Value
[
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
],
"example": [
"Check: Active"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Active > Age

The age after which the AWS DocDB db cluster parameter group is no longer considered active. If a create time is unavailable, the time Turbot discovered the resource is used.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster Parameter Group > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupActiveAge
Valid Value
[
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
],
"example": [
"Force inactive if age > 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Active > Last Modified

The number of days since the AWS DocDB db cluster parameter group was last modified before it is considered inactive.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Cluster Parameter Group > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupActiveLastModified
Valid Value
[
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
],
"example": [
"Active if last modified <= 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Approved

Determine the action to take when an AWS DocDB db cluster parameter group is not approved based on AWS > DocDB > DB Cluster Parameter Group > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupApproved
Valid Value
[
"Skip",
"Check: Approved",
"Enforce: Delete unapproved if new"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Approved",
"Enforce: Delete unapproved if new"
],
"example": [
"Check: Approved"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Approved > Regions

A list of AWS regions in which AWS DocDB db cluster parameter groups are approved for use.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

This policy will be evaluated by the Approved control. If an AWS DocDB db cluster parameter group is created in a region that is not in the approved list, it will be subject to the action specified in the AWS > DocDB > DB Cluster Parameter Group > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupApprovedRegions

AWS > Doc DB > DB Cluster Parameter Group > Approved > Usage

Determine whether the AWS DocDB db cluster parameter group is allowed to exist.

This policy will be evaluated by the Approved control. If an AWS DocDB db cluster parameter group is not approved, it will be subject to the action specified in the AWS > DocDB > DB Cluster Parameter Group > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupApprovedUsage
Valid Value
[
"Not approved",
"Approved",
"Approved if AWS > RDS > Enabled"
]
Schema
{
"type": "string",
"enum": [
"Not approved",
"Approved",
"Approved if AWS > RDS > Enabled"
],
"example": [
"Not approved"
],
"default": "Approved if AWS > RDS > Enabled"
}

AWS > Doc DB > DB Cluster Parameter Group > CMDB

Configure whether to record and synchronize details for the AWS Doc DB db cluster parameter group into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB. All policies and controls in Turbot are based around the resource, so usually the CMDB policy is set to "Enforce: Enabled".

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > Doc DB > DB Cluster Parameter Group > Regions policy, the CMDB control will delete the resource from the CMDB.

(Note: Setting CMDB to "Skip" will also pause these changes.)

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupCmdb
Category
Valid Value
[
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
],
"example": [
"Skip"
],
"default": "Enforce: Enabled"
}

AWS > Doc DB > DB Cluster Parameter Group > Regions

A list of AWS regions in which AWS Doc DB db cluster parameter groups are supported for use.

Any db cluster parameter groups in a region not listed here will not be recorded in CMDB.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupRegions

AWS > Doc DB > DB Cluster Parameter Group > Tags

Determine the action to take when AWS Doc DB db cluster parameter group tags are not updated based on the AWS > Doc DB > DB Cluster Parameter Group > Tags > * policies.

The control ensures that AWS Doc DB db cluster parameter group tags include the tags defined in AWS > Doc DB > DB Cluster Parameter Group > Tags > Template.

Tags not defined in DB Cluster Parameter Group Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupTags
Valid Value
[
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
],
"example": [
"Check: Tags are correct"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Tags > Template

The template is used to generate the tag keys and values for an AWS Doc DB db cluster parameter group.

Tags not defined in DB Cluster Parameter Group Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupTagsTemplate

AWS > Doc DB > DB Cluster Parameter Group > Usage

Configure the number of AWS Doc DB db cluster parameter groups that can be used for this region and the current consumption against the limit.

You can configure the behavior of the control with this AWS > Doc DB > DB Cluster Parameter Group > Usage policy.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupUsage
Valid Value
[
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
],
"example": [
"Check: Usage <= 85% of Limit"
],
"default": "Skip"
}

AWS > Doc DB > DB Cluster Parameter Group > Usage > Limit

Maximum number of items that can be created for this region.

URI
tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupUsageLimit
Schema
{
"type": "integer",
"minimum": 0,
"default": 50
}

AWS > Doc DB > DB Instance > Active

Determine the action to take for an AWS DocDB db instance, based on the AWS > DocDB > DB Instance > Active > * policies.

The control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Instance > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceActive
Valid Value
[
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Active",
"Enforce: Delete inactive with 1 day warning",
"Enforce: Delete inactive with 3 days warning",
"Enforce: Delete inactive with 7 days warning",
"Enforce: Delete inactive with 14 days warning",
"Enforce: Delete inactive with 30 days warning",
"Enforce: Delete inactive with 60 days warning",
"Enforce: Delete inactive with 90 days warning",
"Enforce: Delete inactive with 180 days warning",
"Enforce: Delete inactive with 365 days warning"
],
"example": [
"Check: Active"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Active > Age

The age after which the AWS DocDB db instance is no longer considered active. If a create time is unavailable, the time Turbot discovered the resource is used.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Instance > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceActiveAge
Valid Value
[
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Force inactive if age > 1 day",
"Force inactive if age > 3 days",
"Force inactive if age > 7 days",
"Force inactive if age > 14 days",
"Force inactive if age > 30 days",
"Force inactive if age > 60 days",
"Force inactive if age > 90 days",
"Force inactive if age > 180 days",
"Force inactive if age > 365 days"
],
"example": [
"Force inactive if age > 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Active > Budget

The impact of the budget state on the active control. This policy allows you to force db instances to inactive based on the current budget state, as reflected in AWS > Account > Budget > State.

The Active control determines whether the resource is in active use, and if not, has the ability to delete or clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Instance > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceActiveBudget
Valid Value
[
"Skip",
"Force inactive if Budget > State is Over or higher",
"Force inactive if Budget > State is Critical or higher",
"Force inactive if Budget > State is Shutdown"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Force inactive if Budget > State is Over or higher",
"Force inactive if Budget > State is Critical or higher",
"Force inactive if Budget > State is Shutdown"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Active > Last Modified

The number of days since the AWS DocDB db instance was last modified before it is considered inactive.

The Active control determines whether the resource is in active use, and if not, has the ability to delete or clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > DocDB > DB Instance > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceActiveLastModified
Valid Value
[
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Active if last modified <= 1 day",
"Active if last modified <= 3 days",
"Active if last modified <= 7 days",
"Active if last modified <= 14 days",
"Active if last modified <= 30 days",
"Active if last modified <= 60 days",
"Active if last modified <= 90 days",
"Active if last modified <= 180 days",
"Active if last modified <= 365 days",
"Force active if last modified <= 1 day",
"Force active if last modified <= 3 days",
"Force active if last modified <= 7 days",
"Force active if last modified <= 14 days",
"Force active if last modified <= 30 days",
"Force active if last modified <= 60 days",
"Force active if last modified <= 90 days",
"Force active if last modified <= 180 days",
"Force active if last modified <= 365 days"
],
"example": [
"Active if last modified <= 90 days"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Approved

Determine the action to take when an AWS DocDB db instance is not approved based on AWS > DocDB > DB Instance > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceApproved
Valid Value
[
"Skip",
"Check: Approved",
"Enforce: Delete unapproved if new"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Approved",
"Enforce: Delete unapproved if new"
],
"example": [
"Check: Approved"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Approved > Budget

This policy allows you to set db instances to unapproved based on the current budget state, as reflected in AWS > Account > Budget > State.

This policy will be evaluated by the Approved control. If an AWS DocDB db instance is not matched by the approved list, it will be subject to the action specified in the AWS > DocDB > DB Instance > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceApprovedBudget
Valid Value
[
"Skip",
"Unapproved if Budget > State is Over or higher",
"Unapproved if Budget > State is Critical or higher",
"Unapproved if Budget > State is Shutdown"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Unapproved if Budget > State is Over or higher",
"Unapproved if Budget > State is Critical or higher",
"Unapproved if Budget > State is Shutdown"
],
"example": [
"Unapproved if Budget > State is Shutdown"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Approved > Regions

A list of AWS regions in which AWS DocDB db instances are approved for use.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

This policy will be evaluated by the Approved control. If an AWS DocDB db instance is created in a region that is not in the approved list, it will be subject to the action specified in the AWS > DocDB > DB Instance > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceApprovedRegions

AWS > Doc DB > DB Instance > Approved > Usage

Determine whether the AWS DocDB db instance is allowed to exist.

This policy will be evaluated by the Approved control. If an AWS DocDB db instance is not approved, it will be subject to the action specified in the AWS > DocDB > DB Instance > Approved policy.

See Approved for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceApprovedUsage
Valid Value
[
"Not approved",
"Approved",
"Approved if AWS > DocDB > Enabled"
]
Schema
{
"type": "string",
"enum": [
"Not approved",
"Approved",
"Approved if AWS > DocDB > Enabled"
],
"example": [
"Not approved"
],
"default": "Approved if AWS > DocDB > Enabled"
}

AWS > Doc DB > DB Instance > CMDB

Configure whether to record and synchronize details for the AWS Doc DB db instance into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB. All policies and controls in Turbot are based around the resource, so usually the CMDB policy is set to "Enforce: Enabled".

If set to Skip, all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > Doc DB > DB Instance > Regions policy, the CMDB control will delete the resource from the CMDB.

(Note: Setting CMDB to "Skip" will also pause these changes.)

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceCmdb
Category
Valid Value
[
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Enforce: Enabled",
"Enforce: Disabled"
],
"example": [
"Skip"
],
"default": "Enforce: Enabled"
}

AWS > Doc DB > DB Instance > Regions

A list of AWS regions in which AWS Doc DB db instances are supported for use.

Any db instances in a region not listed here will not be recorded in CMDB.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceRegions

AWS > Doc DB > DB Instance > Tags

Determine the action to take when AWS Doc DB db instance tags are not updated based on the AWS > Doc DB > DB Instance > Tags > * policies.

The control ensures that AWS Doc DB db instance tags include the tags defined in AWS > Doc DB > DB Instance > Tags > Template.

Tags not defined in DB Instance Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceTags
Valid Value
[
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Tags are correct",
"Enforce: Set tags"
],
"example": [
"Check: Tags are correct"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Tags > Template

The template is used to generate the keys and values for an AWS Doc DB db instance.

Tags not defined in DB Instance Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceTagsTemplate

AWS > Doc DB > DB Instance > Usage

Configure the number of AWS Doc DB db instances that can be used for this region and the current consumption against the limit.

You can configure the behavior of the control with this AWS > Doc DB > DB Instance > Usage policy.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceUsage
Valid Value
[
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Usage <= 85% of Limit",
"Check: Usage <= 100% of Limit"
],
"example": [
"Check: Usage <= 85% of Limit"
],
"default": "Skip"
}

AWS > Doc DB > DB Instance > Usage > Limit

Maximum number of items that can be created for this region.

URI
tmod:@turbot/aws-docdb#/policy/types/dbInstanceUsageLimit
Schema
{
"type": "integer",
"minimum": 0,
"default": 40
}

AWS > Doc DB > Regions

A list of AWS regions in which AWS Doc DB resources are supported for use.

The expected format is an array of region names. You may use the '*' and '?' wildcard characters.

This policy is the default value for all AWS Doc DB resources' Regions policies.

URI
tmod:@turbot/aws-docdb#/policy/types/docDbRegionsDefault
Schema
{
"allOf": [
{
"$ref": "aws#/definitions/regionNameMatcherList"
},
{
"default": [
"ap-northeast-1",
"ap-northeast-2",
"ap-south-1",
"ap-southeast-1",
"ap-southeast-2",
"ca-central-1",
"eu-central-1",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"us-east-1",
"us-east-2",
"us-gov-west-1",
"us-west-2"
]
}
]
}

AWS > Doc DB > Tags Template [Default]

A template used to generate the keys and values for AWS Doc DB resources.

By default, all Doc DB resource Tags > Template policies will use this value.

URI
tmod:@turbot/aws-docdb#/policy/types/docDbTagsTemplate