The Filter Node is an extension of the Resource node (so it always comes after the resource node), which enables you to filter out the specific resource that you have selected. The Filter node selectively retains a subset of AWS resources from a large set of a particular AWS service as per the conditions and nested conditions defined in this node’s parameter window or according to the parameters derived from the previous Resource node.
For instance, you can use the filter node if you want to take action on IAM users whose Access Keys age is greater than 90 days. The and/or parameter can be used to set up multiple filters.
To add a filter node, click on the ‘+’ and select Filter. This usually comes initially, as the node after the Resource node. Click on the node and select ‘edit’ to open the parameters options for the nodes.
As usual, you’ll find the ‘Node Name’ and the ‘Node ID’ of the Filter node.
‘Select data to filter’ gives you a dropdown list of all the resources and resource attributes you had selected in the previous node. Here’s where resource referencing plays a huge role. If you had one previous resource node, where you selected “EC2 Instances” and the service & resource, and added an ‘Addon’ of “Security Groups”, you’ll be able to reference each of them separately in the filter node. Meaning, you can select only the ‘EC2 Instances’ and the data to filter, or only ‘Security Groups’ as the data to filter.
Next, you define the actual filter condition. Here, you can filter based on multiple types of filter options. They are:
Param: Helps filter resources by their attributes or their Add-ons attributes.
Tags: Helps filter resources by their tags.
Security Group: Helps filter certain resources based on the properties of Security Groups associated with those resources or directly on the Security Groups themselves. Note that it is applicable only to EC2 SGs, Cluster SGs, mount target SGs, Cache SGs, DB SGs, and Stale SGs.
Network ACLs: Helps filter certain resources based on the properties of NACL Rules associated with those resources or directly on NACL. Note that it is applicable to subnets that have associated NACL Rules.
Function: Helps selectively filter resources using custom Java scripts, when none of the other Filters work.
Time/Date: Ideal for filtering resources based on date value, such as 'Launch Time'.
You can click on the ‘Add Condition’ option to add multiple filters, with an ‘And’ and ‘Or’ option available.