Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Filter for rds-param-group

See original GitHub issue

I’m working on a task to: (a) find if certain parameters are set to be the expected values in every RDS parameter group (b) Modify to the expected value

Currently we only get the following information when using resource: rds-param-group:

{
  "DBParameterGroupArn": "arn", 
  "DBParameterGroupName": "pg-name", 
  "DBParameterGroupFamily": "mysql5.6", 
  "Description": "blablabla", 
}

And the available filters are: aws.rds-param-group: filters: [and, event, metrics, not, or, value] So we cannot use the available filters to finish task a

The action modify works perfectly for task b. But without task a, custodian will always send the API call to modify no matter whether it is the expected value.

I can think of the following options:

  1. load when query resource: We can use detail_spec with describe_db_parameters to load every parameter name and value.

  2. Add a filter similar with rds.filters.db-parameter The use case can be like this so that it doesn’t load every detail from the resource level :

policies:
  - name: rds-param-group-modify
    resource: rds-param-group
    filters:
      - "DBParameterGroupFamily": "mysql5.6"
      - type: parameter
        key: key_name
        value: value_name

Option 2 will save some API calls comparing with option 1, but both will send more calls than taking actions directly. I’m wondering if there is a better option, or maybe the extra api calls in this case should not be a concern.

Thanks!

Issue Analytics

  • State:open
  • Created 5 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
snowiowcommented, Aug 14, 2020

Is there anything planned to make (a) possible? We would like to scan our parameter groups if ssl is enforced and inform on those, which aren’t.

0reactions
harishachappacommented, Oct 13, 2020

Is there any plan to enhance this resource to support filters? We need to get resources with force_ssl not set.

Read more comments on GitHub >

github_iconTop Results From Across the Web

describe-db-parameter-groups - AWS Documentation
Contains the details of an Amazon RDS DB parameter group. This data type is used as a response element in the DescribeDBParameterGroups action....
Read more >
aws.rds-param-group — Cloud Custodian documentation
aws.rds-param-group¶. Resource manager for RDS parameter groups. Filters¶. config-compliance · event.
Read more >
describe-db-parameters — AWS CLI 2.4.19 Command ...
Returns the detailed parameter list for a particular DB parameter group. ... The filters supported by a describe operation are documented with the...
Read more >
aws rds cli -- need to search the db-parameter-group(s) for a ...
Hello all. I am successful at querying "aws --no-verify-ssl rds describe-db-parameter-groups". But, I'm trying to filter down in order to view one parameter ......
Read more >
Modify Custom Parameter Group - AWS Workshop Studio
In the RDS menu, click on “Parameter Groups” either on the left hand pane or on the main ... In the filter parameters...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

How does garbage collection get enforced?

Next page

ASG policy not failing when AWS api call fails