safety_rules

Creates, updates, deletes or gets a safety_rule resource or lists safety_rules in a region

Overview

Name	`safety_rules`
Type	Resource
Description	Resource schema for AWS Route53 Recovery Control basic constructs and validation rules.
Id	`aws.route53recoverycontrol.safety_rules`

Fields

Name	Datatype	Description
`assertion_rule`	`object`	An assertion rule enforces that, when a routing control state is changed, that the criteria set by the rule configuration is met. Otherwise, the change to the routing control is not accepted.
`gating_rule`	`object`	A gating rule verifies that a set of gating controls evaluates as true, based on a rule configuration that you specify. If the gating rule evaluates to true, Amazon Route 53 Application Recovery Controller allows a set of routing control state changes to run and complete against the set of target controls.
`name`	`string`	The name for the safety rule.
`safety_rule_arn`	`string`	The Amazon Resource Name (ARN) of the safety rule.
`control_panel_arn`	`string`	The Amazon Resource Name (ARN) of the control panel.
`status`	`string`	The deployment status of the routing control. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.
`rule_config`	`object`	The rule configuration for an assertion rule or gating rule. This is the criteria that you set for specific assertion controls (routing controls) or gating controls. This configuration specifies how many controls must be enabled after a transaction completes.
`tags`	`array`	A collection of tags associated with a resource
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all safety_rules in a region.

SELECT
region,
assertion_rule,
gating_rule,
name,
safety_rule_arn,
control_panel_arn,
status,
rule_config,
tags
FROM aws.route53recoverycontrol.safety_rules
WHERE region = 'us-east-1';

Gets all properties from an individual safety_rule.

SELECT
region,
assertion_rule,
gating_rule,
name,
safety_rule_arn,
control_panel_arn,
status,
rule_config,
tags
FROM aws.route53recoverycontrol.safety_rules
WHERE region = 'us-east-1' AND data__Identifier = '<SafetyRuleArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new safety_rule resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.route53recoverycontrol.safety_rules (
 ,
 region
)
SELECT 
'{{  }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.route53recoverycontrol.safety_rules (
 AssertionRule,
 GatingRule,
 Name,
 ControlPanelArn,
 RuleConfig,
 Tags,
 region
)
SELECT 
 '{{ AssertionRule }}',
 '{{ GatingRule }}',
 '{{ Name }}',
 '{{ ControlPanelArn }}',
 '{{ RuleConfig }}',
 '{{ Tags }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: safety_rule
    props:
      - name: AssertionRule
        value:
          WaitPeriodMs: '{{ WaitPeriodMs }}'
          AssertedControls:
            - '{{ AssertedControls[0] }}'
      - name: GatingRule
        value:
          GatingControls:
            - '{{ GatingControls[0] }}'
          TargetControls:
            - '{{ TargetControls[0] }}'
          WaitPeriodMs: '{{ WaitPeriodMs }}'
      - name: Name
        value: '{{ Name }}'
      - name: ControlPanelArn
        value: '{{ ControlPanelArn }}'
      - name: RuleConfig
        value:
          Type: '{{ Type }}'
          Threshold: '{{ Threshold }}'
          Inverted: '{{ Inverted }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.route53recoverycontrol.safety_rules
WHERE data__Identifier = '<SafetyRuleArn>'
AND region = 'us-east-1';

Permissions

To operate on the safety_rules resource, the following permissions are required:

Create

route53-recovery-control-config:CreateSafetyRule,
route53-recovery-control-config:DescribeSafetyRule,
route53-recovery-control-config:DescribeControlPanel,
route53-recovery-control-config:DescribeRoutingControl,
route53-recovery-control-config:ListTagsForResource,
route53-recovery-control-config:TagResource

Read

route53-recovery-control-config:DescribeSafetyRule,
route53-recovery-control-config:ListTagsForResource

Update

route53-recovery-control-config:UpdateSafetyRule,
route53-recovery-control-config:DescribeSafetyRule,
route53-recovery-control-config:ListTagsForResource,
route53-recovery-control-config:TagResource,
route53-recovery-control-config:UntagResource

Delete

route53-recovery-control-config:DescribeSafetyRule,
route53-recovery-control-config:DeleteSafetyRule

List

route53-recovery-control-config:ListSafetyRules

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​