feat: update allowed_regions SCP to include latest services (#190)

update allowed_regions SCP to include latest services
schubergphilis · Sep 8, 2023 · 64f235e · 64f235e
1 parent adcec58
commit 64f235e
Showing 1 changed file with 32 additions and 3 deletions.
diff --git a/files/organizations/allowed_regions.json.tpl b/files/organizations/allowed_regions.json.tpl
@@ -7,11 +7,15 @@
             "NotAction": [
                 "a4b:*",
                 "access-analyzer:*",
+                "account:*",
                 "acm:*",
+                "activate:*",
+                "artifact:*",
                 "aws-marketplace-management:*",
                 "aws-marketplace:*",
                 "aws-portal:*",
-                "awsbillingconsole:*",
+                "billing:*",
+                "billingconductor:*",
                 "budgets:*",
                 "ce:*",
                 "chatbot:*",
@@ -24,30 +28,49 @@
                 "cloudwatch:Describe*",
                 "cloudwatch:Get*",
                 "cloudwatch:List*",
+                "compute-optimizer:*",
                 "config:*",
+                "consoleapp:*",
+                "consolidatedbilling:*",
                 "cur:*",
+                "datapipeline:GetAccountLimits",
+                "devicefarm:*",
                 "directconnect:*",
+                "discovery-marketplace:*",
                 "ec2:DescribeRegions",
                 "ec2:DescribeTransitGateways",
                 "ec2:DescribeVpnGateways",
+                "ecr-public:*",
                 "fms:*",
+                "freetier:*",
                 "globalaccelerator:*",
                 "health:*",
                 "iam:*",
                 "importexport:*",
+                "invoicing:*",
+                "iq:*",
                 "kms:*",
+                "license-manager:ListReceivedLicenses",
+                "lightsail:Get*",
                 "mobileanalytics:*",
                 "networkmanager:*",
+                "notifications-contacts:*",
+                "notifications:*",
                 "organizations:*",
+                "payments:*",
                 "pricing:*",
+                "resource-explorer-2:*",
                 "route53-recovery-cluster:*",
                 "route53-recovery-control-config:*",
                 "route53-recovery-readiness:*",
                 "route53:*",
                 "route53domains:*",
+                "s3:CreateMultiRegionAccessPoint",
                 "s3:DeleteMultiRegionAccessPoint",
                 "s3:DescribeMultiRegionAccessPointOperation",
-                "s3:GetAccountPublic*",
+                "s3:GetAccountPublicAccessBlock",
+                "s3:GetBucketLocation",
+                "s3:GetBucketPolicyStatus",
                 "s3:GetBucketPublicAccessBlock",
                 "s3:GetMultiRegionAccessPoint",
                 "s3:GetMultiRegionAccessPointPolicy",
@@ -57,14 +80,20 @@
                 "s3:ListAllMyBuckets",
                 "s3:ListMultiRegionAccessPoints",
                 "s3:ListStorageLensConfigurations",
-                "s3:PutAccountPublic*",
                 "s3:PutAccountPublicAccessBlock",
+                "s3:PutMultiRegionAccessPointPolicy",
+                "savingsplans:*",
                 "shield:*",
+                "sso:*",
                 "sts:*",
                 "support:*",
+                "supportapp:*",
                 "supportplans:*",
                 "sustainability:*",
+                "tag:GetResources",
+                "tax:*",
                 "trustedadvisor:*",
+                "vendor-insights:ListEntitledSecurityProfiles",
                 "waf-regional:*",
                 "waf:*",
                 "wafv2:*",