| | |
| | | - config-rule-role |
| | | - OrganizationAccountAccessRole |
| | | - AWSServiceRoleForCloudTrail |
| | | - AWSServiceRoleForElasticLoadBalancing |
| | | - AWSServiceRoleForOrganizations |
| | | - AWSServiceRoleForSupport |
| | | - AWSServiceRoleForTrustedAdvisor |
| | | |
| | | IAMRolePolicy: |
| | | - "OrganizationAccountAccessRole -> AdministratorAccess" |
| | | |
| | | IAMRolePolicyAttachment: |
| | | - property: RoleName |
| | | value: "OrganizationAccountAccessRole" |
| | | value: OrganizationAccountAccessRole |
| | | |
| | | - AWSServiceRoleForCloudTrail -> CloudTrailServiceRolePolicy |
| | | - AWSServiceRoleForElasticLoadBalancing -> AWSElasticLoadBalancingServiceRolePolicy |
| | | - AWSServiceRoleForOrganizations -> AWSOrganizationsServiceTrustPolicy |
| | | - AWSServiceRoleForSupport -> AWSSupportServiceRolePolicy |
| | | - AWSServiceRoleForTrustedAdvisor -> AWSTrustedAdvisorServiceRolePolicy |
| | | |
| | | IAMPolicy: |
| | | - arn:aws:iam::{{ account_id }}:policy/config-rule-policy |
| | |
| | | CloudTrailTrail: |
| | | - RHOrganization |
| | | |
| | | # The following resources cannot be delete, so skip them by default |
| | | KMSAlias: |
| | | - alias/aws/dynamodb |
| | | - alias/aws/ebs |
| | | - alias/aws/elasticfilesystem |
| | | - alias/aws/es |
| | | - alias/aws/glue |
| | | - alias/aws/kinesisvideo |
| | | - alias/aws/rds |
| | | - alias/aws/redshift |
| | | - alias/aws/s3 |
| | | - alias/aws/ssm |
| | | - alias/aws/xray |
| | | KMSKey: |
| | | # AWS managed key |
| | | - 019e63a9-089e-42d8-9125-9e8461923851 |
| | | - 73df181b-38b8-44b6-8488-f8226933e7bf |
| | | - 6cadef27-c9cf-4024-82a3-1e0cdab6431f |
| | | - af193208-b881-44d0-b420-aaa43bbce83c |
| | | - f4b1b7ab-8d6f-464b-9ff3-c1a9e2520039 |
| | | - 5e386636-7213-40f4-a3eb-843a4072e755 |
| | | - 9c0396a9-72be-4d1e-8298-4615c07d03ab |
| | | |
| | | MediaConvertQueue: |
| | | - Default |
| | | |
| | | ############################## |
| | | # POOL management |