Merge pull request #48 from trussworks/aws-updates

fix: update resources that cannot be limited by region
trussworks · Mar 1, 2024 · bceeb69 · bceeb69
2 parents 4538297 + fe6eeb2
commit bceeb69
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -231,7 +231,6 @@ data "aws_iam_policy_document" "combined_policy_block" {
       # https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html
       not_actions = [
         "a4b:*",
-        "access-analyzer:*",
         "acm:*",
         "aws-marketplace-management:*",
         "aws-marketplace:*",
@@ -258,8 +257,12 @@ data "aws_iam_policy_document" "combined_policy_block" {
         "pricing:*",
         "route53:*",
         "route53domains:*",
+        "route53-recovery-cluster:*",
+        "route53-recovery-control-config:*",
+        "route53-recovery-readiness:*",
         "s3:GetAccountPublic*",
         "s3:ListAllMyBuckets",
+        "s3:ListMultiRegionAccessPoints",
         "s3:PutAccountPublic*",
         "shield:*",
         "sts:*",