cloud-foundation-fabric/fast/stages/0-bootstrap/data/org-policies/iam.yaml


# skip boilerplate check
#
# sample subset of useful organization policies, edit to suit requirements
---
# Terraform will be unable to decode this file if it does not contain valid YAML
# You can retain `---` (start of the document) to indicate an empty document.
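# Organization-level guardrails for service account credentials. Each
# top-level key is an organization policy constraint; `rules` is the rule list
# applied to it. Every `rules` list must be nested under its constraint key:
# at column 0 the constraints decode as null and `rules` becomes a duplicate
# top-level key, which most parsers resolve silently by keeping the last one.
#
# Organization policies are not retroactive. Keys and role grants that existed
# before enforcement stay in place, so inventory and clean those up separately.

# Stops the default Compute Engine and App Engine service accounts from being
# granted the Editor role automatically when they are created.
iam.automaticIamGrantsForDefaultServiceAccounts:
  rules:
    - enforce: true

# Blocks creation of user-managed service account keys (long-lived, exportable
# credentials). Workloads that need credentials should use attached service
# accounts, impersonation or workload identity federation instead; scope any
# exception to the narrowest folder or project rather than relaxing it here.
iam.disableServiceAccountKeyCreation:
  rules:
    - enforce: true

# Blocks uploading externally generated public keys to service accounts, which
# would otherwise remain a way to attach a long-lived key while key creation
# is disabled.
iam.disableServiceAccountKeyUpload:
  rules:
    - enforce: true

# Response when Google detects a service account key exposed publicly.
# DISABLE_KEY disables the key automatically; the other documented value,
# WAIT_FOR_ABUSE, opts out of that. Detection coverage is not guaranteed, so
# keep secret scanning and key rotation in place as well.
iam.serviceAccountKeyExposureResponse:
  rules:
    - allow:
        values:
          - DISABLE_KEY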