This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Filter IAM roles and policy attachments related to SSO (#1028)
krzysdabro authored Jun 20, 2023
1 parent fb4e27a commit 58e4627
Showing 2 changed files with 6 additions and 0 deletions.
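--- a/resources/iam-role-policy-attachments.go
+++ b/resources/iam-role-policy-attachments.go
@@ -82,6 +82,9 @@ func (e *IAMRolePolicyAttachment) Filter() error {
 if strings.Contains(e.policyArn, ":iam::aws:policy/aws-service-role/") {
 return fmt.Errorf("cannot detach from service roles")
 }
+if strings.HasPrefix(*e.role.Path, "/aws-reserved/sso.amazonaws.com/") {
+return fmt.Errorf("cannot detach from SSO roles")
+}
 return nil
 }
 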
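Review bot: The added check dereferences `*e.role.Path` with no nil guard, so an attachment whose role or path is unset would panic inside Filter; whether the lister always populates both is not visible in this hunk. Because this filter is what keeps a destructive run away from SSO-managed roles, the guard should fail closed rather than skip the check, for example `if e.role == nil || e.role.Path == nil { return fmt.Errorf("cannot determine role path") }` placed before the prefix test. A one-line comment above the test, such as `// Roles under /aws-reserved/sso.amazonaws.com/ are managed by AWS SSO; never detach their policies.`, would record why it exists. Filter's body starts outside the hunk.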
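--- a/resources/iam-roles.go
+++ b/resources/iam-roles.go
@@ -73,6 +73,9 @@ func (e *IAMRole) Filter() error {
 if strings.HasPrefix(e.path, "/aws-service-role/") {
 return fmt.Errorf("cannot delete service roles")
 }
+if strings.HasPrefix(e.path, "/aws-reserved/sso.amazonaws.com/") {
+return fmt.Errorf("cannot delete SSO roles")
+}
 return nil
 }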
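Review bot: The path literal in the added check is a second copy of the one in resources/iam-role-policy-attachments.go, so the two safety filters can drift apart if one is edited later. A shared package-level constant, `const ssoRolePathPrefix = "/aws-reserved/sso.amazonaws.com/"`, used in both `strings.HasPrefix` calls would keep them aligned. The commit covers roles and managed-policy attachments only; if the package also has a resource type for inline role policies (not visible on this page), it presumably needs the same prefix filter. Filter's body starts outside the hunk.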
