New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Protect Control Tower Resources #711
Comments
There you go Disclaimer! `
account-blocklist:
accounts:
|
you might want to use
|
I'd like to contribute with what's being working for us. presets:
sso:
filters:
IAMSAMLProvider:
- type: "regex"
value: "AWSSSO_.*_DO_NOT_DELETE"
IAMRole:
- type: "glob"
value: "AWSReservedSSO_*"
IAMRolePolicyAttachment:
- type: "glob"
value: "AWSReservedSSO_*"
controltower:
filters:
CloudTrailTrail:
- type: "contains"
value: "aws-controltower"
CloudWatchEventsRule:
- type: "contains"
value: "aws-controltower"
EC2VPCEndpoint:
- type: "contains"
value: "aws-controltower"
EC2VPC:
- type: "contains"
value: "aws-controltower"
OpsWorksUserProfile:
- type: "contains"
value: "AWSControlTowerExecution"
CloudWatchLogsLogGroup:
- type: "contains"
value: "aws-controltower"
- type: "contains"
value: "AWSControlTowerBP"
CloudWatchEventsTarget:
- type: "contains"
value: "aws-controltower"
SNSSubscription:
- type: "contains"
value: "aws-controltower"
SNSTopic:
- type: "contains"
value: "aws-controltower"
EC2Subnet:
- type: "contains"
value: "aws-controltower"
ConfigServiceDeliveryChannel:
- type: "contains"
value: "aws-controltower"
ConfigServiceConfigurationRecorder:
- type: "contains"
value: "aws-controltower"
CloudFormationStack:
- type: "contains"
value: "AWSControlTower"
EC2RouteTable:
- type: "contains"
value: "aws-controltower"
LambdaFunction:
- type: "contains"
value: "aws-controltower"
EC2DHCPOption:
- type: "contains"
value: "aws-controltower"
IAMRole:
- type: "contains"
value: "aws-controltower"
- type: "contains"
value: "AWSControlTower"
IAMRolePolicyAttachment:
- type: "contains"
value: "aws-controltower"
- type: "contains"
value: "AWSControlTower"
IAMRolePolicy:
- type: "contains"
value: "aws-controltower" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I'm looking for a template to protect accounts in an organization deployed with AWS SSO and Control Tower
Thanks
The text was updated successfully, but these errors were encountered: