Control: AWS > RDS > DB Snapshot [Manual] > Allowed > Region

Take an action when an AWS RDS db snapshot [manual] is created in a region that is not allowed.

The Allowed > Region control checks if the db snapshot [manual] is created in an allowed region based on the Allowed > Region > * policies. If the db snapshot [manual] is created in a region that is not in the allowed list, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete if region not allowed and db snapshot [manual] is new, this control will only take the enforcement actions for resources created within the last 60 minutes.

Resource Types

This control targets the following resource types:

AWS > RDS > DB Snapshot [Manual]

Policies

The following policies can be used to configure this control:

AWS > RDS > DB Snapshot [Manual] > Allowed > Region

This control type relies on these other policies when running actions:

AWS > RDS > DB Snapshot [Manual] > Allowed > Region > Regions

Permissions

Cloud permissions used by this control and its actions:

rds:DeleteDBSnapshot

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-rds#/control/types/dbSnapshotManualAllowedRegion

Category URI

tmod:@turbot/turbot#/control/categories/resourceAllowed

GraphQL

query controlType(id: "tmod:@turbot/aws-rds#/control/types/dbSnapshotManualAllowedRegion") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-rds#/control/types/dbSnapshotManualAllowedRegion'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-rds#/control/types/dbSnapshotManualAllowedRegion"