aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Auto minify SCPs #75

Open rjenks opened 2 years ago

rjenks commented 2 years ago

Is your feature request related to a problem? Please describe.

SCPs that are valid from the AWS console cannot be applied via the API. This seems to be because the AWS console automatically minifies the JSON policy whereas the API applies it as-is. SCPs are limited to 5120 bytes, but you can apply much larger SCPs from the console due to the automatic minification.

Describe the feature you'd like

It would be very helpful if this framework could automatically minify the SCPs before applying them. That way we can maintain the pretty SCPs in our customization project.

Additional context

It is difficult to maintain and review changes to minified JSON documents in git. I have many SCPs that push the limits of SCP size due to the limitations of SCP policies.

In IAM policies you can use multiple wildcards in an action statement, but in SCP policies it only supports one wildcard. So I often have to expand 1 action pattern into many to achieve the same goal. For example:
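As an added example, not code from the issue or from the Customizations for AWS Control Tower solution itself: a Python helper that minifies an SCP the way the issue says the console does, reports its byte size against the 5120-byte quota, and flags action strings with more than one wildcard (the single-wildcard constraint the issue describes). The sample policy is constructed for illustration.

```python
import json

# SCP document size quota (bytes) cited in the issue.
SCP_MAX_BYTES = 5120

# Constructed sample: a pretty-printed SCP as it would be kept in git.
PRETTY_SCP = """{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyLeavingOrg",
            "Effect": "Deny",
            "Action": [
                "organizations:LeaveOrganization",
                "account:CloseAccount"
            ],
            "Resource": "*"
        }
    ]
}"""


def minify_scp(policy_text: str) -> str:
    """Mimic the console: re-serialize the JSON with no insignificant whitespace."""
    return json.dumps(json.loads(policy_text), separators=(",", ":"))


def scp_size_report(policy_text: str) -> dict:
    """Byte counts before/after minification and whether each form fits the quota."""
    pretty_bytes = len(policy_text.encode("utf-8"))
    minified_bytes = len(minify_scp(policy_text).encode("utf-8"))
    return {
        "pretty_bytes": pretty_bytes,
        "minified_bytes": minified_bytes,
        "fits_as_is": pretty_bytes <= SCP_MAX_BYTES,
        "fits_after_minify": minified_bytes <= SCP_MAX_BYTES,
    }


def multi_wildcard_actions(policy_text: str) -> list:
    """Action strings with more than one '*'; the issue reports SCPs accept only one."""
    policy = json.loads(policy_text)
    found = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        for action in ([actions] if isinstance(actions, str) else actions):
            if action.count("*") > 1:
                found.append(action)
    return found
```

Running `scp_size_report` over each SCP in the repository before deployment shows which policies only fit the quota once minified.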

groverlalit commented 2 years ago

@rjenks Thanks for bringing this to our attention. We have added this to our backlog.

jordan-evans commented 1 year ago

Is there any update on this? Is there a public roadmap of accepted enhancements we can see? The repository isn't accepting contributions at the moment, so I believe we are fully reliant on the AWS team to make these enhancements?