Kepp IAM Users and Organization Role

cloudposse · Sep 19, 2024 · 5e2b184 · 5e2b184
1 parent 7146581
commit 5e2b184
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/.github/aws-nuke.yaml b/.github/aws-nuke.yaml
@@ -32,9 +32,26 @@ regions:
   - us-gov-east-1
   - us-gov-west-1
 
+  # don't nuke IAM users
+excludes:
+  - IAMUser
+
 account-blocklist:
   - "999999999999" # production
 
 accounts:
   # testing account
-  126450723953: {}
+  126450723953:
+    presets:
+      - defaults
+
+presets:
+  defaults:
+    filters:
+      IAMRole:
+        - "OrganizationAccountAccessRole"
+
+      IAMRolePolicy:
+        - property: "role:RoleName"
+          type: "regex"
+          value: "^OrganizationAccountAccessRole$"