Add CLI option to force-include AWS services #13
Comments
|
I thought about this scenario. I like the idea of the self-service approach to allow custom policy creation but went back and forth on if that fits into the goal of the repo from a compliance pov. If the repo will expand to being a general SCP / policy creation tool then it makes sense. I also thought about creating a custom "Issue" on this repo that is templated to add or remove services from compliance programs. For example, if the repo is out of date, we would have a dedicated issue template to request a service be added (if the user did not want to make the code changes themselves). |
I was thinking about using this for that: https://github.com/salesforce/aws-allowlister/blob/main/aws_allowlister/data/overrides.yml#L168 |
I definitely don't think we want it to be a general SCP / policy creation tool - I wrote it specifically for AllowLists lol. Perhaps we should settle for uniformity instead of an overload of customization opportunities, and not include this CLI option |
|
I spoke with someone about this internally. He identified two very legit use cases for if someone would want these include and exclude options (for reasons other than doing things you shouldn't be doing)
|
|
Very good points. It doesn't hurt to include it and can only add benefits (not take away) for numerous situations, especially the exclude scenario like you mentioned. |
…include-aws-services Adds ability to exclude and include AWS services via command line
Just in case someone needs to include an AWS service but the tooling has not caught up.
Maybe also an exclude option:
@jdyke thoughts?
The text was updated successfully, but these errors were encountered: