commit
6426a36722
|
@ -64,7 +64,7 @@ A full reference of IAM roles managed by this stage [is available here](./IAM.md
|
|||
|
||||
It's often desirable to have organization policies deployed before any other resource in the org, so as to ensure compliance with specific requirements (e.g. location restrictions), or control the configuration of specific resources (e.g. default network at project creation or service account grants).
|
||||
|
||||
To cover this use case, organization policies have been moved from the resource management to the bootstrap stage in FAST versions after 26.0.0. They are managed via the usual factory aopproach, and a [sample set of data files](./data/org-policies/) is included with this stage.
|
||||
To cover this use case, organization policies have been moved from the resource management to the bootstrap stage in FAST versions after 26.0.0. They are managed via the usual factory approach, and a [sample set of data files](./data/org-policies/) is included with this stage.
|
||||
|
||||
The only current exception to the factory approach is the `iam.allowedPolicyMemberDomains` constraint, which is managed in code so as to be able to auto-allow the organization's domain. More domains can be added via the `org_policies_config` variable, which also serves as an umbrella for future policies that will need to be managed in code.
|
||||
|
||||
|
|
Loading…
Reference in New Issue