AWSConfigProtect.json
{
"Version": "2012-10-17",
"Statement": [
{
"Condition": {
"ArnNotLike": {
"aws:PrincipalARN": "arn:aws:iam::*:role/*AdministratorAccess*"
}
},
"Action": [
"config:DeleteConfigurationRecorder",
"config:DeleteDeliveryChannel",
"config:DeleteRetentionConfiguration",
"config:PutConfigurationRecorder",
"config:PutDeliveryChannel",
"config:PutRetentionConfiguration",
"config:StopConfigurationRecorder",
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:DeleteEvaluationResults",
"config:DeleteConfigurationAggregator",
"config:PutConfigurationAggregator"
],
"Resource": [
"*"
],
"Effect": "Deny",
"Sid": "DenyDisableConfig"
}
]
}