27 lines
651 B
YAML
27 lines
651 B
YAML
apiVersion: organizations.aws.m.upbound.io/v1beta1
|
|
kind: Policy
|
|
metadata:
|
|
name: deny-leave-organization
|
|
namespace: aws-organization
|
|
labels:
|
|
policy-type: scp
|
|
purpose: security
|
|
spec:
|
|
forProvider:
|
|
name: DenyLeaveOrganization
|
|
description: Prevent accounts from leaving the organization
|
|
type: SERVICE_CONTROL_POLICY
|
|
content: |
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "DenyLeaveOrg",
|
|
"Effect": "Deny",
|
|
"Action": "organizations:LeaveOrganization",
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|
|
providerConfigRef:
|
|
name: org-config |