Releases: trussworks/terraform-aws-org-scp
Confirmed fix for v1.6.3
So, the fix implemented in v1.6.3 didn't actually work -- we've added some switches for the protect-iam-role resources to make sure it actually works properly. This has been more thoroughly tested and now works with both cases.
Fixing empty protect_iam_role_target_ids default
v1.5.0 introduced a bug for using the module with no target IDs specified for the protect_iam_role SCP; this fixes the default to get rid of a nonbreaking error that this would cause.
Another bugfix for region restriction
Fixing more region restriction code.
Region restriction bugfix
There was a broken component of the region restriction SCP; this fixes that bug. Also updated README with an example.
Region restriction SCP
This release adds an SCP that prevents the execution of AWS operations outside a list of approved regions.
Single policy for protect_iam_role in organization
Merge pull request #9 from mjuarez/role-attachments: Single policy for protect_iam_role in organization
SCPs protecting sensitive IAM roles and S3 buckets
Merge pull request #8 from trussworks/mk-protect: SCPs to protect IAM roles and S3 buckets
Fixing reference to the policy document
previously was only referencing the policy object
Minor fix to policy attachment of deleting_cloudwatch_logs
fixes issue with element selection from target_ids
Adds a policy to restrict deletion of CloudWatch resources
Adds a policy that denies VPC flow log deletion, deleting CloudWatch log groups, and deleting CloudWatch log streams.