AWSConfigRemediation-EnableCopyTagsToSnapshotOnRDSCluster
Description
The AWSConfigRemediation-EnableCopyTagsToSnapshotOnRDSCluster
runbook enables the CopyTagsToSnapshot
setting on the Amazon Relational Database Service (Amazon RDS)
cluster you specify. Enabling this setting copies all tags from the DB cluster to
snapshots of the DB cluster. The default is not to copy them. Amazon Config must be enabled
in the Amazon Web Services Region where you run this automation.
Document type
Automation
Owner
Amazon
Platforms
Databases
Parameters
-
ApplyImmediately
Type: Boolean
Default: false
Description: (Optional) If you specify
true
for this parameter, the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of thePreferredMaintenanceWindow
setting for the DB cluster. -
AutomationAssumeRole
Type: String
Description: (Required) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
-
DbClusterResourceId
Type: String
Description: (Required) The resource identifier for the DB cluster you want to enable the
CopyTagsToSnapshot
setting on.
Required IAM permissions
The AutomationAssumeRole
parameter requires the following actions to
use the runbook successfully.
-
ssm:StartAutomationExecution
-
ssm:GetAutomationExecution
-
config:GetResourceConfigHistory
-
rds:DescribeDBClusters
-
rds:ModifyDBCluster
Document Steps
-
aws:executeAwsApi
- Gathers the DB cluster identifier from the DB cluster resource identifier. -
aws:assertAwsResourceProperty
- Confirms the DB cluster is in anAVAILABLE
state. -
aws:executeAwsApi
- Enables theCopyTagsToSnapshot
setting on your DB cluster. -
aws:assertAwsResourceProperty
- Confirms theCopyTagsToSnapshot
setting is enabled on your DB cluster.