Releases: trussworks/terraform-aws-ou-scp

Adds Public Access Policy for S3 Buckets

20 Aug 20:33
a1f68c1

Adds additional policy:

  • Deny S3 Buckets Public Access (DenyS3BucketsPublicAccess)

Initial Release

09 Jul 16:39
270d893

Combines multiple Service Control Policies (SCP). Combining multiple policy statements into a single policy allows more than 5 policies to be applied to a single Organizational Unit (OU). Alternatively, enables creation of a "Deny All Access" Service Control Policy.

Policy options* are:

  • Deny leaving AWS Organizations
  • Deny creating IAM users or access keys
  • Deny deleting KMS Keys
  • Deny deleting Route53 Hosted Zones
  • Deny deleting VPC Flow logs, CloudWatch log groups, and CloudWatch log streams
  • Deny root account
  • Protect S3 Buckets
  • Protect IAM Roles
  • Restrict Regional Operations
  • Require S3 encryption

*Options are based on policies previously defined in terraform-aws-org-scp.
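
The combining approach described in the Initial Release notes, sketched as an added Terraform example (not the module's own source): four of the listed options become statements of one policy document, so the OU spends a single attachment instead of four. The resource names, `Sid` values, and `var.ou_id` are assumptions made for illustration.

```hcl
# Added illustration, not the module's source. Names and var.ou_id are assumptions.
variable "ou_id" { type = string } # ID of the target OU (supplied by the caller)

data "aws_iam_policy_document" "combined" {
  statement { # Deny leaving AWS Organizations
    sid       = "DenyLeavingOrgs"
    effect    = "Deny"
    actions   = ["organizations:LeaveOrganization"]
    resources = ["*"]
  }
  statement { # Deny deleting KMS keys
    sid       = "DenyDeletingKMSKeys"
    effect    = "Deny"
    actions   = ["kms:ScheduleKeyDeletion", "kms:Delete*"]
    resources = ["*"]
  }
  statement { # Deny deleting Route53 hosted zones
    sid       = "DenyDeletingRoute53Zones"
    effect    = "Deny"
    actions   = ["route53:DeleteHostedZone"]
    resources = ["*"]
  }
  statement { # Deny any action taken as the account root user
    sid       = "DenyRootAccount"
    effect    = "Deny"
    actions   = ["*"]
    resources = ["*"]
    condition {
      test     = "StringLike"
      variable = "aws:PrincipalArn"
      values   = ["arn:aws:iam::*:root"]
    }
  }
}

# One SCP carrying all four statements.
resource "aws_organizations_policy" "combined" {
  name    = "combined-ou-scp"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.combined.json
}

# A single attachment against the OU's per-target policy limit.
resource "aws_organizations_policy_attachment" "ou" {
  policy_id = aws_organizations_policy.combined.id
  target_id = var.ou_id
}
```

SCPs only restrict; they grant no permissions, so a combined deny policy like this is attached alongside whatever allow policy the OU already has. Adding statements also grows the document toward the SCP size limit, which becomes the practical ceiling once the attachment count no longer is.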