Joern Barthel

If you're looking for an integration of Yubikeys as TOTP sources via the `go` core (not sure if that's really the case here) https://github.com/yawn/ykoath might fit the bill.

Made simple initial spike to enumerate policy-enabled global service as a foundation for such an SCP using https://github.com/salesforce/policy_sentry. Currently I'm not 100% sure we'll be able to automate the policy...

Maybe this can also be solved by disabling regions per account? Unclear (to me) is how that disabling us-std plays with global services ...

I would actually postpone this (despite speeding the installation up) and wait for #26. Unless we decrease the actually supported regions I don't think it makes sense to restrict CT...

So, initially we'd need some configurations for regions as a parameter list maybe? Maybe AP/EU/US and US- (everything except us-std 🥇)?

For additional consideration / what we should consider on top of item °2: - Enable fast and meaningful (e.g. the opposite of CF embedded stack set errors) feedback cycles -...

A quick `cat global.yml deployment/*.yml | grep Type | grep -Eo "AWS::[^\"']+" | cut -d ':' -f 3-5 | sort | uniq` shows the following: ``` CodeBuild::Project CodeCommit::Repository CodePipeline::Pipeline Events::Rule...

Please keep in mind that I based this evaluation on version 2.x.

Any update here on your internal planning? We can support here but I think we should consider changing naming conventions here to simplify the SCP. I'll do an ADF deploy...

No (at least not for 2.x, have no installation upgrade to 3 yet). You can install ADF straight after CT finishes up.