From ad7e2184af9b9964dfd910104e161e39c537a1ed Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Fri, 20 Sep 2024 01:42:05 +0300 Subject: [PATCH] Keep IAM Users and Organization Role (#125) * Kepp IAM Users and Organization Role * Update aws-nuke.yaml * Update aws-nuke.yaml * Kepp IAM Users and Organization Role --- .github/aws-nuke.yaml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml index cc6a2e0..ca83aa2 100644 --- a/.github/aws-nuke.yaml +++ b/.github/aws-nuke.yaml @@ -32,9 +32,29 @@ regions: - us-gov-east-1 - us-gov-west-1 + +resource-types: + # don't nuke IAM users + excludes: + - IAMUser + - IAMUserAccessKey + - IAMUserPolicyAttachment + account-blocklist: - "999999999999" # production accounts: # testing account - 126450723953: {} + 126450723953: + presets: + - defaults + +presets: + defaults: + filters: + IAMRole: + - "OrganizationAccountAccessRole" + IAMRolePolicy: + - property: "role:RoleName" + type: "regex" + value: "^OrganizationAccountAccessRole$"
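Review bot: The `defaults` preset protects `OrganizationAccountAccessRole` only under `IAMRole` and `IAMRolePolicy`, so a managed policy attached to that role is still listed under `IAMRolePolicyAttachment` and would be detached on the next run. Roles created by AWS Organizations usually get their administrator rights from exactly such an attachment, so the role would survive but without permissions, cutting off cross-account access from the management account. Add an `IAMRolePolicyAttachment` entry to the preset's `filters` that matches this role, and confirm the property name against the aws-nuke version in use. The `resource-types.excludes` list has a similar gap: the kept users' inline policies, group memberships and console passwords are separate types (`IAMUserPolicy`, `IAMUserGroupAttachment`, `IAMLoginProfile`) and are not excluded. Because the kept users and their access keys now persist across every run in account 126450723953, extend the `# don't nuke IAM users` comment to say who owns them and how the keys are rotated.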