From 3524ee8218d093ed578b0dbe26e5f9f9c73764df Mon Sep 17 00:00:00 2001
From: bhoff <bruce.hoff@sagebase.org>
Date: Tue, 28 Nov 2023 16:40:38 -0800
Subject: [PATCH] IT-3322 remove athena and application-manager roles from
 Organizations account

---
 org-formation/700-aws-sso/_tasks.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/org-formation/700-aws-sso/_tasks.yaml b/org-formation/700-aws-sso/_tasks.yaml
index a5733889..8bf2244b 100644
--- a/org-formation/700-aws-sso/_tasks.yaml
+++ b/org-formation/700-aws-sso/_tasks.yaml
@@ -531,7 +531,7 @@ SsoApplicationManager:
   TerminationProtection: false
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: '*'
@@ -574,7 +574,7 @@ SsoSynapseDWDevAthenaUser:
   TerminationProtection: false
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref SynapseDevAccount
@@ -597,7 +597,7 @@ SsoSynapseDWProdAthenaUser:
   TerminationProtection: false
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref SynapseProdAccount
@@ -1559,7 +1559,7 @@ SsoDntDevApplicationManager:
   StackDescription: 'SSO: Application Manager role used by DntDev application-manager group'
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref DnTDevAccount
@@ -1730,7 +1730,7 @@ SsoDCAProdApplicationManager:
   StackDescription: 'SSO: Application Manager role used by DCA application-manager group'
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref DCAProdAccount
@@ -1781,7 +1781,7 @@ SsoGenieProdApplicationManager:
   StackDescription: 'SSO: Application Manager role used by Genie application-manager group'
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref GenieProdAccount
@@ -1969,7 +1969,7 @@ SsoDccValidatorProdApplicationManager:
   StackDescription: 'SSO: Application Manager role used by DccValidator-Prod application-manager group'
   DefaultOrganizationBindingRegion: !Ref primaryRegion
   DefaultOrganizationBinding:
-    IncludeMasterAccount: true
+    IncludeMasterAccount: false
   OrganizationBindings:
     TargetBinding:
       Account: !Ref DccvalidatorProdAccount