Add AWS Trusted Access Exception Management baseline policy pack#927

Closed
dboeke wants to merge 5 commits into main from aws-trusted-access-exceptions

Conversation

@dboeke (Contributor) commented Mar 10, 2025

This PR adds a new AWS Trusted Access Exception Management baseline policy pack that provides a centralized way to manage trusted access exceptions across an AWS environment.

Updates in this PR

  • Redesigned Variable Structure: Implemented a map-based approach for resource types and policy values
  • Moved policy_map to locals: Prevents users from accidentally modifying internal mapping data
  • Consolidated Local Variables: Organized all local variables in a single file for better code structure
  • Centralized Exception Configuration: Added support for baseline exceptions that apply across all accounts plus account-specific exceptions
  • Dynamic Policy Calculation: Improved template logic to combine baseline and account-specific trusted accounts
  • Applied Consistent Formatting: Used terraform fmt for standardized code style
  • Documentation: Updated README with comprehensive explanation of the new configuration approach

Key Features of the Policy Pack

  • Define a centralized configuration for trusted access exceptions
  • Apply baseline trusted accounts across all AWS accounts
  • Configure account-specific exceptions for different AWS accounts
  • Automatically implement trusted access policies with calculated policies
  • Simplified user interface with internal implementation details hidden in code

How to Use

  1. Copy terraform.tfvars.example to terraform.tfvars
  2. Customize the trusted_access_controls map to enable/disable specific resource types
  3. Configure baseline and account-specific trusted accounts in the trusted_access_exceptions variable
  4. Apply the policy pack to your Guardrails workspace
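The baseline-plus-account-specific merge the description refers to, shown as an added Terraform illustration; this is not the policy pack's own code, and the variable names, object shape, sample account IDs and the placeholder policy type URI are assumptions:

```hcl
# Added illustration, not the policy pack's code. Variable names, shapes,
# account IDs and the policy type URI are assumptions / constructed samples.

variable "trusted_access_controls" {
  description = "Resource types for which trusted-access exception policies are set."
  type        = map(bool)
  default = {
    s3     = true
    iam    = true
    lambda = false
  }
}

variable "trusted_access_exceptions" {
  description = "Trusted AWS account IDs: a baseline for every account, plus per-account additions."
  type = object({
    baseline = list(string)
    accounts = map(list(string))
  })
  default = {
    baseline = ["111111111111"] # constructed sample IDs
    accounts = {
      "222222222222" = ["333333333333"]
      "444444444444" = []
    }
  }

  # Defender's check: every trusted entry must be a 12-digit account ID, so a
  # typo cannot silently widen (or break) the allow list.
  validation {
    condition = alltrue([
      for a in concat(var.trusted_access_exceptions.baseline,
      flatten(values(var.trusted_access_exceptions.accounts))) :
      can(regex("^[0-9]{12}$", a))
    ])
    error_message = "All trusted access entries must be 12-digit AWS account IDs."
  }
}

locals {
  # Internal mapping kept in locals so it cannot be overridden from tfvars.
  # Value is a placeholder, not a real Guardrails policy type URI.
  policy_map = { for t, on in var.trusted_access_controls : t => "PLACEHOLDER_POLICY_TYPE_URI" if on }

  # Per-account trusted list = baseline plus that account's exceptions, de-duplicated.
  trusted_accounts_by_account = {
    for acct, extra in var.trusted_access_exceptions.accounts :
    acct => distinct(concat(var.trusted_access_exceptions.baseline, extra))
  }
}

output "trusted_accounts_by_account" {
  value = local.trusted_accounts_by_account
}
```

With the sample defaults, `terraform plan` reports account 222222222222 trusting both 111111111111 and 333333333333, and account 444444444444 trusting only the baseline entry.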

dboeke and others added 5 commits March 10, 2025 17:35

This policy pack implements a framework for managing exceptions to AWS Trusted Access controls:

- Provides a centralized configuration file for trusted access exceptions
- Supports both baseline trusted accounts applied to all AWS accounts
- Enables account-specific exceptions for individual AWS accounts
- Uses calculated policies to dynamically determine trusted accounts
- Supports various AWS resource types including S3, IAM, Lambda, EC2, RDS, and more

The policy pack enables security teams to maintain consistent trusted access controls
while allowing for legitimate exceptions on a per-account basis.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Redesigned variables with map-based approach for resource types and policy values
- Added centralized trusted access exceptions configuration with baseline and account-specific settings
- Improved template calculation to combine baseline and account-specific trusted accounts
- Updated README with new configuration documentation
- Added plan.out to gitignore

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Moved policy_map from variables to locals
- Updated policies.tf to reference local.policy_map
- Removed policy_map from terraform.tfvars and example
- Updated README documentation to reflect new design
- Simplifies user configuration by hiding internal mappings

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Consolidated all local variables in locals.tf for better organization
- Moved trusted_access_exceptions_json variables from metadata.tf
- Applied terraform fmt to ensure consistent code formatting
- Improves code organization and readability

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Update comments in terraform.tfvars.example to be more clear
- Fix capitalization in policies.tf comments (skip/check/enforce)
- Remove redundant comments in metadata.tf for cleaner code
- Reorder explanatory comments in tfvars example file for better flow

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale label May 10, 2025

github-actions bot commented Jun 9, 2025

This PR was closed because it has been stalled for 90 days with no activity.

@github-actions github-actions bot closed this Jun 9, 2025