From e632b68ee68751ce76e438e46a2d2a7063b56662 Mon Sep 17 00:00:00 2001
From: Santiago Garcia Arango
Date: Fri, 22 Sep 2023 00:09:05 -0500
Subject: [PATCH] Update SCPs method for initial deployment
---
 cdk/stacks/cdk_organization.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cdk/stacks/cdk_organization.py b/cdk/stacks/cdk_organization.py
index c71ee3c..fa63a5b 100644
--- a/cdk/stacks/cdk_organization.py
+++ b/cdk/stacks/cdk_organization.py
@@ -42,7 +42,7 @@ def __init__(
 # Organization creation, services configuration and SCPs
 self.create_root_organization()
 self.configure_organization_services()
- self.configure_service_control_policies()
+ # self.configure_service_control_policies()

 # Create "sandbox" OU with inner OUs and accounts inside
 self.create_ou_sandbox()
@@ -114,6 +114,7 @@ def configure_service_control_policies(self):
 description="SCP to prevent accounts from leaving the organization",
 )
 self.organization.attach_policy(self.policy_deny_leave_org)
+ self.policy_deny_leave_org.node.add_dependency(self.organization)

 # SCP for only allow access to specific regions in AWS (deny others)
 self.policy_allow_specific_regions = Policy(
@@ -125,6 +126,7 @@ def configure_service_control_policies(self):
 description="SCP to only allow access to specific AWS Regions",
 )
 self.organization.attach_policy(self.policy_allow_specific_regions)
+ self.policy_allow_specific_regions.node.add_dependency(self.organization)

 def create_ou_sandbox(self):
 """
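Review bot: Commenting out `self.configure_service_control_policies()` in `__init__` means the deny-leave-organization and region-restriction SCPs are not deployed, while `create_ou_sandbox()` still creates the sandbox OU and its accounts, and nothing in the code records that this is temporary or when to restore it. An explicit switch would be safer than a commented-out call, for example `if self.node.try_get_context("deploy_scps"):` guarding `self.configure_service_control_policies()` (the context key is a placeholder), so the guardrails are turned on by configuration after the initial deployment rather than by a later code edit that can be forgotten. As far as the visible lines show, the `add_dependency` calls added in the two later hunks sit in a method this constructor no longer invokes. `__init__` starts and continues outside the hunk.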
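Review bot: The added `self.policy_deny_leave_org.node.add_dependency(self.organization)` (and the matching call for `policy_allow_specific_regions` in the next hunk) has no comment saying which deployment-ordering failure it works around, so a later reader cannot tell whether it is still needed. The dependency is declared on the Policy construct only; whether the attachment created by `attach_policy` is also ordered after the organization is not visible in this patch and is worth confirming, since an SCP that exists but fails to attach gives no protection. A short comment above each call such as `# Deploy this SCP only after the organization resource exists` would cover the documentation gap. `configure_service_control_policies` begins outside the hunk.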