Filter for rds-param-group
See original GitHub issueI’m working on a task to:
(a) find if certain parameters are set to be the expected values in every RDS parameter group
(b) Modify to the expected value
Currently we only get the following information when using resource: rds-param-group
:
{
"DBParameterGroupArn": "arn",
"DBParameterGroupName": "pg-name",
"DBParameterGroupFamily": "mysql5.6",
"Description": "blablabla",
}
And the available filters are:
aws.rds-param-group: filters: [and, event, metrics, not, or, value]
So we cannot use the available filters to finish task a
The action modify
works perfectly for task b. But without task a, custodian will always send the API call to modify no matter whether it is the expected value.
I can think of the following options:
-
load when query resource: We can use
detail_spec
withdescribe_db_parameters
to load every parameter name and value. -
Add a filter similar with
rds.filters.db-parameter
The use case can be like this so that it doesn’t load every detail from the resource level :
policies:
- name: rds-param-group-modify
resource: rds-param-group
filters:
- "DBParameterGroupFamily": "mysql5.6"
- type: parameter
key: key_name
value: value_name
Option 2 will save some API calls comparing with option 1, but both will send more calls than taking actions directly. I’m wondering if there is a better option, or maybe the extra api calls in this case should not be a concern.
Thanks!
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (4 by maintainers)
Top GitHub Comments
Is there anything planned to make (a) possible? We would like to scan our parameter groups if ssl is enforced and inform on those, which aren’t.
Is there any plan to enhance this resource to support filters? We need to get resources with force_ssl not set.