org-formation / org-formation-cli

Better than landingzones!
MIT License

Use CDK to define service control policy #128

Open 0xjjoyy opened 3 years ago

0xjjoyy commented 3 years ago

Hi,

I'd like to be able to use the AWS CDK PolicyStatement to define the service control policy document and statements. Then use org-formation to deploy the service control policy to the desired targets.

Can you help describe or document how I can integrate org-formation with CDK while keeping the policy definition using CDK constructs and using org-formation?

Thanks

eduardomourar commented 3 years ago

@0xjjoyy, you should register this resource type (https://github.com/org-formation/aws-resource-providers/blob/master/organizations/policy/README.md) instead. This way you can just deploy using CDK with an L1 construct.

0xjjoyy commented 3 years ago

@eduardomourar any plans to put the organizations policy type into the public CloudFormation registry?

https://aws.amazon.com/blogs/aws/introducing-a-public-registry-for-aws-cloudformation/

https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html

eduardomourar commented 3 years ago

Yes, I will start working on it next month. It just might be a slow process to migrate every resource type there.

0xjjoyy commented 3 years ago

Cool! My vote would be to start with the org policy :)

0xjjoyy commented 3 years ago

Hi, just checking to see if you are moving forward with migrating this to the public CloudFormation registry?

eduardomourar commented 3 years ago

Unfortunately, I have not had the time to go deep into this, but it is still on our radar. One delaying factor here is that not all types are passing the contract tests, so I will most probably have to start with those that are passing. @0xjjoyy if you have any resource type that you would want to prioritize, I would recommend updating those resources to ensure that they are passing.