Commit

Merge pull request #16 from jplock/jp-update-assumed-root
[fix] prevent root actions
jplock authored Feb 12, 2025
2 parents 5aafdc2 + aa74bce commit 9746c50
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion template.yml
Expand Up @@ -85,8 +85,10 @@ Resources:
Action: "*"
Resource: "*"
Condition:
StringLike:
ArnLike:
"aws:PrincipalArn": !Sub "arn:${AWS::Partition}:iam::*:root"
"Null":
"aws:AssumedRoot": "true"
- Sid: DenyLeaveOrganization
Effect: Deny
Action: "organizations:LeaveOrganization"
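
Review bot: The added "Null" block under Condition narrows this Deny rather than widening it, and nothing in the template says so. Condition operators within one statement are ANDed, and "Null" with "true" matches only when the key is absent, so after this change a root principal whose request carries aws:AssumedRoot is no longer denied by this statement. If exempting assumed-root sessions is the intent (the branch name jp-update-assumed-root suggests it is), add a YAML comment above "Null" that says so, because the commit title "prevent root actions" reads the other way. The switch from StringLike to ArnLike on "aws:PrincipalArn" is the right operator for an ARN-valued key and needs no further change.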