From b863f5d77b29a150d35696445a1400bd269cabe0 Mon Sep 17 00:00:00 2001
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 24 Jul 2024 10:59:36 -0400
Subject: [PATCH] Feat/enable aws nuke scp for nuke role (#301)

* feat: update name and description
* feat: enable aws nuke protection on scratch OU
* fix: fmt
---
 terragrunt/org_account/organization/organizations.tf | 5 +++++
 terragrunt/org_account/organization/scp.tf | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/terragrunt/org_account/organization/organizations.tf b/terragrunt/org_account/organization/organizations.tf
index 54ca9bac..e3e63cab 100644
--- a/terragrunt/org_account/organization/organizations.tf
+++ b/terragrunt/org_account/organization/organizations.tf
@@ -66,6 +66,11 @@ resource "aws_organizations_policy_attachment" "Sandbox-cds_snc_universal_guardr
   target_id = aws_organizations_organizational_unit.Sandbox.id
 }
 
+resource "aws_organizations_policy_attachment" "Sandbox-aws_nuke_guardrails" {
+  policy_id = aws_organizations_policy.aws_nuke_guardrails.id
+  target_id = aws_organizations_organizational_unit.Sandbox.id
+}
+
 resource "aws_organizations_organizational_unit" "Security" {
   name = "Security"
 
diff --git a/terragrunt/org_account/organization/scp.tf b/terragrunt/org_account/organization/scp.tf
index 1d4baa83..cf2bb792 100644
--- a/terragrunt/org_account/organization/scp.tf
+++ b/terragrunt/org_account/organization/scp.tf
@@ -265,7 +265,8 @@ data "aws_iam_policy_document" "aws_nuke_guardrails" {
 }
 
 resource "aws_organizations_policy" "aws_nuke_guardrails" {
-  name = "Control Tower Guardrails"
-  type = "SERVICE_CONTROL_POLICY"
-  content = data.aws_iam_policy_document.aws_nuke_guardrails.json
+  name = "AWS Nuke Guardrails"
+  description = "Guardrails to protect AWS Control Tower and AWS SSO resources"
+  type = "SERVICE_CONTROL_POLICY"
+  content = data.aws_iam_policy_document.aws_nuke_guardrails.json
 }
\ No newline at end of file
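Review bot: The new `Sandbox-aws_nuke_guardrails` attachment targets `aws_organizations_organizational_unit.Sandbox.id`, while the commit message describes enabling the protection on the "scratch OU"; if Sandbox is that OU the naming should be reconciled in a comment, and if it is a different OU the attachment may be on the wrong target. Either way the resource carries no explanation of why this OU gets the guardrail, so I would add above it `# Deny-list SCP protecting Control Tower / IAM Identity Center resources from aws-nuke runs in sandbox accounts; statements live in data.aws_iam_policy_document.aws_nuke_guardrails (scp.tf)`. The policy document itself is not in this patch, so its statements and any principal exemptions it grants should be checked against that intent before this attachment goes live, since an SCP with an over-broad exemption offers no protection at all. The block is complete within the hunk.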
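Review bot: The file still ends without a trailing newline (`\ No newline at end of file` on the closing `}`), which is worth fixing in this "fix: fmt" commit; I would expect `terraform fmt` to add it, so the formatter may not have been run on scp.tf. The new `description` documents what the SCP protects but not where it is applied, and since the `name` change is a rename of a live policy, a short comment stating that the policy is attached to the Sandbox OU in organizations.tf and that SCPs never apply to the management account would make the contract visible to the next reader. The `data "aws_iam_policy_document" "aws_nuke_guardrails"` block starts before the hunk, so the deny statements being named here are not reviewable from this patch.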