feat: update the tag policy services and resource types list that sup…

…port enforcement (#187)
schubergphilis · Aug 8, 2023 · 1efb834 · 1efb834
1 parent 024145e
commit 1efb834
Showing 1 changed file with 34 additions and 36 deletions.
diff --git a/modules/tag-policy-assignment/locals.tf b/modules/tag-policy-assignment/locals.tf
@@ -1,35 +1,36 @@
 locals {
   all_enforced_services = [
+    "acm-pca:certificate-authority",
     "acm:*",
-    "amplifyuibuilder:component",
-    "amplifyuibuilder:theme",
+    "amplifyuibuilder:app/environment/components",
+    "amplifyuibuilder:app/environment/themes",
     "apigateway:apikeys",
     "apigateway:domainnames",
     "apigateway:restapis",
-    "apigateway:stages",
+    "apigateway:restapis/stages",
     "appconfig:application",
-    "appconfig:configurationprofile",
-    "appconfig:deployment",
+    "appconfig:application/configurationprofile",
+    "appconfig:application/environment",
+    "appconfig:application/environment/deployment",
     "appconfig:deploymentstrategy",
-    "appconfig:environment",
     "appmesh:*",
     "athena:*",
     "auditmanager:assessment",
-    "auditmanager:assessmentControlSet",
     "auditmanager:assessmentFramework",
     "auditmanager:control",
-    "backup:backupPlan",
-    "backup:backupVault",
     "backup-gateway:gateway",
     "backup-gateway:hypervisor",
     "backup-gateway:vm",
+    "backup:*",
     "batch:job",
     "batch:job-definition",
     "batch:job-queue",
     "bugbust:event",
+    "catalog:portfolio",
+    "catalog:product",
     "chime:app-instance",
-    "chime:app-instance-user",
-    "chime:channel",
+    "chime:app-instance/channel",
+    "chime:app-instance/user",
     "cloud9:environment",
     "cloudfront:*",
     "cloudtrail:*",
@@ -44,12 +45,12 @@ locals {
     "cognito-idp:*",
     "comprehend:*",
     "config:*",
-    "connect:contact-flow",
-    "connect:integration-association",
-    "connect:queue",
-    "connect:quick-connect",
-    "connect:routing-profile",
-    "connect:user",
+    "connect:instance/agent",
+    "connect:instance/contact-flow",
+    "connect:instance/integration-association",
+    "connect:instance/queue",
+    "connect:instance/routing-profile",
+    "connect:instance/transfer-destination",
     "directconnect:*",
     "directconnect:dxcon",
     "directconnect:dxlag",
@@ -76,7 +77,7 @@ locals {
     "ec2:route-table",
     "ec2:security-group",
     "ec2:snapshot",
-    "ec2:spot-instance-request",
+    "ec2:spot-instances-request",
     "ec2:subnet",
     "ec2:traffic-mirror-filter",
     "ec2:traffic-mirror-session",
@@ -93,7 +94,7 @@ locals {
     "ecs:service",
     "ecs:task-set",
     "eks:cluster",
-    "elastic-inference:accelerator",
+    "elastic-inference:elastic-inference-accelerator",
     "elasticache:cluster",
     "elasticbeanstalk:application",
     "elasticbeanstalk:applicationversion",
@@ -104,8 +105,7 @@ locals {
     "elasticloadbalancing:*",
     "elasticloadbalancing:loadbalancer",
     "elasticloadbalancing:targetgroup",
-    "elasticmapreduce:cluster",
-    "elasticmapreduce:editor",
+    "elasticmapreduce:*",
     "es:domain",
     "events:*",
     "firehose:*",
@@ -117,18 +117,18 @@ locals {
     "frauddetector:variable",
     "fsx:*",
     "globalaccelerator:accelerator",
-    "greengrass:bulkDeployment",
-    "greengrass:connectorDefinition",
-    "greengrass:coreDefinition",
-    "greengrass:deviceDefinition",
-    "greengrass:functionDefinition",
-    "greengrass:loggerDefinition",
-    "greengrass:resourceDefinition",
-    "greengrass:subscriptionDefinition",
+    "greengrass:bulk",
+    "greengrass:connectorsDefinition",
+    "greengrass:coresDefinition",
+    "greengrass:devicesDefinition",
+    "greengrass:functionsDefinition",
+    "greengrass:loggersDefinition",
+    "greengrass:resourcesDefinition",
+    "greengrass:subscriptionsDefinition",
     "guardduty:detector",
-    "guardduty:filter",
-    "guardduty:ipset",
-    "guardduty:threatintelset",
+    "guardduty:detector/filter",
+    "guardduty:detector/ipset",
+    "guardduty:detector/threatintelset",
     "healthlake:datastore",
     "iam:instance-profile",
     "iam:mfa",
@@ -208,15 +208,12 @@ locals {
     "sagemaker:training-job",
     "secretsmanager:*",
     "servicecatalog:application",
-    "servicecatalog:attributeGroup",
-    "servicecatalog:portfolio",
-    "servicecatalog:product",
+    "servicecatalog:attribute-groups",
     "sns:topic",
     "sqs:queue",
     "ssm-contacts:contact",
     "ssm:automation-execution",
     "ssm:document",
-    "ssm:maintenancewindowtask",
     "ssm:managed-instance",
     "ssm:opsitem",
     "ssm:patchbaseline",
@@ -230,6 +227,7 @@ locals {
     "wisdom:assistant",
     "wisdom:association",
     "wisdom:content",
+    "wisdom:knowledge",
     "wisdom:session",
     "worklink:fleet",
     "workspaces:*",