org-formation-cli Use CDK to define service control policy

Hi,

I'd like to be able to use the AWS CDK PolicyStatement to define the service control policy document and statements. Then use org-formation to deploy the service control policy to the desired targets.

Can you help describe or document how I can integrate org-formation with CDK with keeping the policy definition using CDK constructs and use org-formation?

Thanks

Nov 26 '20 11:11 0xjjoyy

@0xjjoyy, you should register this resource type (https://github.com/org-formation/aws-resource-providers/blob/master/organizations/policy/README.md) instead. This way you can just deploy using CDK with a L1 construct.

Dec 02 '20 00:12 eduardomourar

@eduardomourar any plans to put the organizations policy type into the public CloudFormation registry

https://aws.amazon.com/blogs/aws/introducing-a-public-registry-for-aws-cloudformation/

https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html

Jul 27 '21 16:07 0xjjoyy

Yes, I will start working on it next month. It just might be a slow process to migrate every resource type there.

Jul 27 '21 16:07 eduardomourar

Cool! My vote would be to start with the org policy :)

Jul 27 '21 16:07 0xjjoyy

Hi, just checking to see if you are moving forward with migrating this to the public CloudFormation registry?

Aug 24 '21 20:08 0xjjoyy

Unfortunately, I have not had the time to go deep into this, but it is still on our radar. One delaying factor here is that not all types are passing the contract tests, so I will most probably have to start with those that are passing. @0xjjoyy if you have any resource type that you would want prioritize, I would recommend updating those resource to ensure that they are passing.

Sep 01 '21 19:09 eduardomourar