@@ -66,7 +66,7 @@ resource-types:
6666 - SecretsManagerSecret
6767 - SQSQueue
6868 - SSMParameter
69-
69+
7070accounts :
7171 AWSACCOUNTID :
7272 filters :
@@ -109,63 +109,57 @@ accounts:
109109 value : " *"
110110 CloudTrailTrail :
111111 - type : regex
112- value : " ^(AccountGuardian|Isengard) .*DO-NOT-DELETE.*$"
112+ value : " ^.*DO-NOT-DELETE.*$"
113113 CloudWatchEventsRule :
114114 - type : regex
115- value : " ^Rule: (AccountGuardian-.*DO-NOT-DELETE| AwsSecurity.*DO-NOT-DELETE|DO-NOT-DELETE-GatedGarden-.* )$"
115+ value : " ^Rule: (AwsSecurity.*DO-NOT-DELETE)$"
116116 CloudWatchEventsTarget :
117117 - type : regex
118- value : " ^Rule: (AccountGuardian-.*DO-NOT-DELETE.*| AwsSecurity.*DO-NOT-DELETE|DO-NOT-DELETE-GatedGarden-.* )$"
118+ value : " ^Rule: (AwsSecurity.*DO-NOT-DELETE)$"
119119 CloudWatchLogsLogGroup :
120120 - type : regex
121- value : " ^(AccountGuardian-) .*$"
121+ value : " ^.*$"
122122 ConfigServiceDeliveryChannel :
123- - " pitbull- default"
123+ - " default"
124124 ConfigServiceConfigRule :
125125 - type : regex
126- value : " ^(managed-ec2-patch-compliance|ec2-managed-by-systems-manager-REMEDIATE|pvre-.*-REMEDIATE|.*-pvre-.*-REMEDIATE )$"
126+ value : " ^(managed-ec2-patch-compliance|ec2-managed-by-systems-manager-REMEDIATE)$"
127127 S3Bucket :
128128 - property : Name
129129 type : regex
130- value : " ^(cdktoolkit-stagingbucket-.*|pitbull-aws-config-.*|cloudtrail-awslogs-.*-isengard-do-not-delete|do-not-delete-gatedgarden-audit-.*| aws-nuke.*)$"
130+ value : " ^(cdktoolkit-stagingbucket-.*|aws-nuke.*)$"
131131 S3Object :
132132 - property : Bucket
133133 type : regex
134- value : " ^(cdktoolkit-stagingbucket-.*|pitbull-aws-config-.*|cloudtrail-awslogs-.*-isengard-do-not-delete|do-not-delete-gatedgarden-audit-.*| aws-nuke.*)$"
134+ value : " ^(cdktoolkit-stagingbucket-.*|aws-nuke.*)$"
135135 ConfigServiceConfigurationRecorder :
136136 - " MainRecorder"
137137 CloudFormationStack :
138138 - property : Name
139139 type : regex
140- value : " ^(CDKToolkit|AccountGuardian| .*DO-NOT-DELETE)$"
140+ value : " ^(CDKToolkit|.*DO-NOT-DELETE)$"
141141 - property : Name
142142 type : regex
143143 value : " ^(PluginStack|NukeStack)*$"
144- - property : Name
145- type : regex
146- value : " ^(pvre.*|PVRE.*)$"
147- - property : Name
148- type : regex
149- value : " ^(.*PatchBaseline.*)$"
150144 IAMPolicy :
151145 - property : Name
152146 type : regex
153147 value : " ^(ConfigAccessPolicy|ResourceConfigurationCollectorPolicy|CloudFormationRefereeService|EC2CapacityReservationService|AwsSecurit.*AuditPolicy)$"
154148 IAMRole :
155149 - property : Name
156150 type : regex
157- value : " ^(AWSServiceRoleFor.*|.*DO-NOT-DELETE|^Isengard.*| Admin|ReadOnly|GatedGarden.*Audit|ShadowTrooper.*| InternalAuditInternal|EC2CapacityReservationService|AccessAnalyzerTrustedService|EC2CapacityReservationService |AwsSecurit.*Audit|AWS.*Audit)$"
151+ value : " ^(AWSServiceRoleFor.*|.*DO-NOT-DELETE|Admin|ReadOnly|InternalAuditInternal|EC2CapacityReservationService|AccessAnalyzerTrustedService|AwsSecurit.*Audit|AWS.*Audit)$"
158152 IAMRolePolicy :
159153 - property : role:RoleName
160154 type : regex
161- value : " ^(.*DO-NOT-DELETE|Isengard.*|GatedGarden.*Audit|AccountGuardian.*|ShadowTrooper.*| AccessAnalyzerTrustedService|AwsSecurit.*Audit)$"
155+ value : " ^(.*DO-NOT-DELETE|AccessAnalyzerTrustedService|AwsSecurit.*Audit)$"
162156 IAMRolePolicyAttachment :
163157 - property : RoleName
164158 type : regex
165- value : " ^(Admin|ReadOnly|AWSServiceRoleFor.*|.*DO-NOT-DELETE|Isengard.*| InternalAuditInternal|EC2CapacityReservationService|AWSVAPTAudit|AwsSecurit.*Audit)$"
159+ value : " ^(Admin|ReadOnly|AWSServiceRoleFor.*|.*DO-NOT-DELETE|InternalAuditInternal|EC2CapacityReservationService|AWSVAPTAudit|AwsSecurit.*Audit)$"
166160 SSMDocument :
167161 - type : regex
168- value : " ^(AccountGuardian|Isengard) .*DO-NOT-DELETE.*$"
162+ value : " ^.*DO-NOT-DELETE.*$"
169163 SSMResourceDataSync :
170164 - type : regex
171- value : " ^(AccountGuardian|Isengard) .*DO-NOT-DELETE.*$"
165+ value : " ^.*DO-NOT-DELETE.*$"
0 commit comments