+ acm + rds

services/organization/scp-deny-leave-org.yaml

@@ -0,0 +1,27 @@
+apiVersion: organizations.aws.m.upbound.io/v1beta1
+kind: Policy
+metadata:
+  name: deny-leave-organization
+  namespace: aws-organization
+  labels:
+    policy-type: scp
+    purpose: security
+spec:
+  forProvider:
+    name: DenyLeaveOrganization
+    description: Prevent accounts from leaving the organization
+    type: SERVICE_CONTROL_POLICY
+    content: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Sid": "DenyLeaveOrg",
+            "Effect": "Deny",
+            "Action": "organizations:LeaveOrganization",
+            "Resource": "*"
+          }
+        ]
+      }
+  providerConfigRef:
+    name: org-config