We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent b66ff1e commit e175dacCopy full SHA for e175dac
1 file changed
service_control_policies/resource_perimeter_scp.json
@@ -12,7 +12,6 @@
12
"arn:aws:ssm:*::automation-definition/*",
13
"arn:aws:imagebuilder:*:aws:component/*",
14
"arn:aws:imagebuilder:*:aws:image/*",
15
- "arn:aws:ec2:*::image/*",
16
"arn:aws:ec2:*:aws:prefix-list/*",
17
"arn:aws:lambda:*:<service-account-id>:layer:*",
18
"arn:aws:ecr:*:<service-account-id>:repository/*",
@@ -36,6 +35,7 @@
36
35
"Condition":{
37
"StringNotEqualsIfExists":{
38
"aws:ResourceOrgID":"<my-org-id>",
+ "ec2:Owner": "amazon",
39
"aws:PrincipalTag/dp:exclude:resource": "true"
40
}
41
@@ -79,4 +79,4 @@
79
80
81
]
82
-}
+}
0 commit comments