Deny DCE from support, deny DCE from editing KMS policies (#494)
* Deny DCE from support, deny DCE from editing KMS policies

* Update nuke, format better
bjfish25 authored Jun 27, 2024
1 parent 88e4f8c commit 88dd94d
Showing 3 changed files with 19 additions and 3 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -104,4 +104,4 @@ require (
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
)

replace github.com/rebuy-de/aws-nuke/v2 => github.com/Optum/aws-nuke/v2 v2.25.4
replace github.com/rebuy-de/aws-nuke/v2 => github.com/Optum/aws-nuke/v2 v2.25.5
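Review bot: The commit message's "Update nuke" does not say what v2.25.5 of the Optum/aws-nuke fork changes or why the policy change needs it. Because the replace directive at the end of go.mod redirects github.com/rebuy-de/aws-nuke/v2 to a fork, a short comment above that line, or a line in the commit message pointing at the fork's change, would let a reviewer check what code is being pulled in with this bump.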
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -196,8 +196,8 @@ github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3
github.com/CloudyKit/jet/v3 v3.0.0/go.mod h1:HKQPgSJmdK8hdoAbKUUWajkHyHo4RaU5rMdUywE7VMo=
github.com/Joker/hpp v1.0.0/go.mod h1:8x5n+M1Hp5hC0g8okX3sR3vFQwynaX/UgSOM9MeBKzY=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/Optum/aws-nuke/v2 v2.25.4 h1:8SKXZburVzu/kJg2dead6iHSadFTsoDffIUqvm1c8UI=
github.com/Optum/aws-nuke/v2 v2.25.4/go.mod h1:LaslSBqqWIa+EdDrxj1Pltr04cMAyxcL+bYy+7ZT/jg=
github.com/Optum/aws-nuke/v2 v2.25.5 h1:F3WpJ+uwnecbTeN1hg+ZAc+y2PUNAMQw8UavFPYiZT4=
github.com/Optum/aws-nuke/v2 v2.25.5/go.mod h1:LaslSBqqWIa+EdDrxj1Pltr04cMAyxcL+bYy+7ZT/jg=
github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0=
github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
16 changes: 16 additions & 0 deletions modules/fixtures/policies/principal_policy.tmpl
Expand Up @@ -53,6 +53,22 @@
],
"Resource": "*"
},
{
"Sid": "DenySpecificKMSActions",
"Effect": "Deny",
"Action": [
"kms:PutKeyPolicy"
],
"Resource": "*"
},
{
"Sid": "DenySupportCenter",
"Effect": "Deny",
"Action": [
"support:*"
],
"Resource": "*"
},
{
"Sid": "ViewBillingBudgetsQuotas",
"Effect": "Allow",
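Review bot: The DenySpecificKMSActions statement lists only "kms:PutKeyPolicy", which is narrower than the commit title's "deny DCE from editing KMS policies" may suggest: access to a key can also be delegated with kms:CreateGrant, and a key policy can be supplied at creation through kms:CreateKey. If only changes to existing key policies are in scope, say so in the commit message; otherwise consider extending the Action list. Separately, none of the three changed files is a test or documentation, so a fixture test asserting that the rendered principal policy contains both the DenySpecificKMSActions and DenySupportCenter statements would guard against them being dropped in a later template edit.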