From 2788595b02fe451fd8d94bdbc1379f3208274ac7 Mon Sep 17 00:00:00 2001
From: Santiago Garcia Arango
Date: Fri, 22 Sep 2023 00:28:07 -0500
Subject: [PATCH] Enable sample SCPs at root level

---
 cdk/stacks/cdk_organization.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/cdk/stacks/cdk_organization.py b/cdk/stacks/cdk_organization.py
index fa63a5b..c71ee3c 100644
--- a/cdk/stacks/cdk_organization.py
+++ b/cdk/stacks/cdk_organization.py
@@ -42,7 +42,7 @@ def __init__(
 # Organization creation, services configuration and SCPs
 self.create_root_organization()
 self.configure_organization_services()
- # self.configure_service_control_policies()
+ self.configure_service_control_policies()

 # Create "sandbox" OU with inner OUs and accounts inside
 self.create_ou_sandbox()
@@ -114,7 +114,6 @@ def configure_service_control_policies(self):
 description="SCP to prevent accounts from leaving the organization",
 )
 self.organization.attach_policy(self.policy_deny_leave_org)
- self.policy_deny_leave_org.node.add_dependency(self.organization)

 # SCP for only allow access to specific regions in AWS (deny others)
 self.policy_allow_specific_regions = Policy(
@@ -126,7 +125,6 @@ def configure_service_control_policies(self):
 description="SCP to only allow access to specific AWS Regions",
 )
 self.organization.attach_policy(self.policy_allow_specific_regions)
- self.policy_allow_specific_regions.node.add_dependency(self.organization)

 def create_ou_sandbox(self):
 """
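Review bot: The re-enabled `self.configure_service_control_policies()` call in `__init__` runs unconditionally, and the method attaches both SCPs through `self.organization.attach_policy(...)`, which per the commit title means the organization root, so the region restriction would reach every member account on the next deploy. The policy document is outside this hunk; if the region SCP does not exempt global services such as IAM, STS, CloudFront, Route 53 and Support, member accounts can lose access to them, so that should be confirmed before this ships. Consider gating the call behind a context value, for example `if self.node.try_get_context("enable_scps"):` (the key name is only an illustration), so the policies can be tried on a test organization first. A comment above the call such as `# SCPs attach at the organization root and apply to all member accounts (not the management account)` would make the blast radius visible to the next reader. `__init__` begins and ends outside the hunk.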