
Commit 11a98ed

authored
(config)Tweak SCP account suspension (#542)
* Tweak SCPs to allow closing accounts
1 parent 4785097 commit 11a98ed


2 files changed

+5
-4
lines changed


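--- a/reference-artifacts/SCPs/PBMMAccel-Guardrails-Part1.json
+++ b/reference-artifacts/SCPs/PBMMAccel-Guardrails-Part1.json
@@ -142,8 +142,7 @@
 "Sid": "SSM",
 "Effect": "Deny",
 "Action": [
-"ssm:DeleteParameter",
-"ssm:DeleteParameters",
+"ssm:DeleteParam*",
 "ssm:PutParameter",
 "ssm:DeleteDocument",
 "ssm:UpdateDocument",
@@ -253,7 +252,8 @@
 "ArnNotLike": {
 "aws:PrincipalARN": [
 "arn:aws:iam::*:role/AWSCloudFormationStackSetExecutionRole",
-"arn:aws:iam::*:role/PBMMAccel-*"
+"arn:aws:iam::*:role/PBMMAccel-*",
+"arn:aws:iam::*:root"
 ]
 }
 }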
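Review bot: Adding `"arn:aws:iam::*:root"` to the `ArnNotLike` list (new line 256) exempts the root user of every account from everything this Deny statement blocks, which may be wider than the account-closure case the commit message gives as the reason. The statement's `Sid` and `Action` list start above the hunk, so the full set of actions root regains is not visible here and should be checked. If only a few actions are needed to close an account, I would keep this statement's exemption list as it was and move those actions into a separate Deny statement that carries the root exemption. JSON has no comment syntax, so the reason for the root entry should be recorded in the documentation that accompanies these SCPs.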

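--- a/reference-artifacts/SCPs/PBMMAccel-Guardrails-Part2.json
+++ b/reference-artifacts/SCPs/PBMMAccel-Guardrails-Part2.json
@@ -11,7 +11,7 @@
 "aws-marketplace:DescribePrivateMarketplaceProducts",
 "aws-marketplace:DescribePrivateMarketplaceProfile",
 "aws-marketplace:DescribePrivateMarketplaceStatus",
-"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
+"aws-marketplace:DisassociateProducts*",
 "aws-marketplace:ListPrivateMarketplaceProducts",
 "aws-marketplace:StartPrivateMarketplace",
 "aws-marketplace:StopPrivateMarketplace",
@@ -30,6 +30,7 @@
 "iam:ListMFADevices",
 "iam:ListVirtualMFADevices",
 "iam:ResyncMFADevice",
+"aws-portal:*",
 "sts:GetSessionToken"
 ],
 "Resource": "*",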
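Review bot: `"aws-portal:*"` at new line 33 covers every action in the billing-portal namespace, including `aws-portal:ModifyBilling` and `aws-portal:ModifyPaymentMethods`, not just what account closure needs. The key this list belongs to (`Action` or `NotAction`) and the statement's `Effect` are above the hunk; from the neighbouring MFA self-service entries it looks like an exemption list, but that should be confirmed. If closing an account is the only goal, a narrower entry such as `"aws-portal:ModifyAccount"` is probably enough; verify against the console flow before narrowing.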
