@cloud-copilot/iam-simulate 0.1.80 → 0.1.82
- package/README.md +12 -18
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -91,30 +91,24 @@ const simulation: Simulation = {
|
|
|
91
91
|
/*
|
|
92
92
|
The default RCP `RCPFullAWSAccess` is always applied implicitly and you do not need to include it here. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps_examples.html#example-rcp-full-aws-access
|
|
93
93
|
*/
|
|
94
|
-
resourceControlPolicies: [
|
|
94
|
+
resourceControlPolicies: [
|
|
95
95
|
{
|
|
96
96
|
orgIdentifier: 'o-123456789012',
|
|
97
97
|
policies: [
|
|
98
98
|
{
|
|
99
99
|
name: 'EnforceSecureTransport',
|
|
100
100
|
policy: {
|
|
101
|
-
|
|
102
|
-
|
|
101
|
+
Version: '2012-10-17',
|
|
102
|
+
Statement: [
|
|
103
103
|
{
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
"kms:*"
|
|
113
|
-
],
|
|
114
|
-
"Resource": "*",
|
|
115
|
-
"Condition": {
|
|
116
|
-
"BoolIfExists": {
|
|
117
|
-
"aws:SecureTransport": "false"
|
|
104
|
+
Sid: 'EnforceSecureTransport',
|
|
105
|
+
Effect: 'Deny',
|
|
106
|
+
Principal: '*',
|
|
107
|
+
Action: ['sts:*', 's3:*', 'sqs:*', 'secretsmanager:*', 'kms:*'],
|
|
108
|
+
Resource: '*',
|
|
109
|
+
Condition: {
|
|
110
|
+
BoolIfExists: {
|
|
111
|
+
'aws:SecureTransport': 'false'
|
|
118
112
|
}
|
|
119
113
|
}
|
|
120
114
|
}
|
|
@@ -123,7 +117,7 @@ const simulation: Simulation = {
|
|
|
123
117
|
}
|
|
124
118
|
]
|
|
125
119
|
}
|
|
126
|
-
|
|
120
|
+
],
|
|
127
121
|
resourcePolicy: {
|
|
128
122
|
Version: '2012-10-17',
|
|
129
123
|
Statement: [
|