Soenke Ruempler
Soenke Ruempler
@frumania thanks! This looks good, and esp already allows several CT principals as exception. Our current version is: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "DenyAllOutsideEU", "Effect": "Deny", "NotAction":...
aSecureCloud: https://asecure.cloud/a/scp_whitelist_region/
Descoped from 1.0
It might probably worth waiting for CT region selection feature since otherwise we would have to create exceptions for CT and its sub-services like e.g. AWS Config Rules. @yawn ok...
> It might probably worth waiting for CT region selection feature since otherwise we would have to create exceptions for CT and its sub-services like e.g. AWS Config Rules. This...
> This is now possible: https://aws.amazon.com/about-aws/whats-new/2021/02/aws-control-tower-now-provides-region-selection/ Control Tower now rolls itself out only to its home region: 
> I would actually postpone this (despite speeding the installation up) and wait for #26. This is #26. :)
> So, initially we'd need some configurations for regions as a parameter list maybe? Maybe AP/EU/US and US- (everything except us-std 🥇)? I'd say initially - to keep it simple...
Scoping this out from 1.1 because of rumors...
I tested this with the current Lambda and SSM Automation Client Libs and it's not available yet, so descoping for 1.0