@skellish-turbot
Contributor

Overview

This PR adds a new policy pack that automatically sets AWS account aliases using organization account names for accounts that are part of an AWS organization. This enables a more user-friendly navigation experience by displaying meaningful names in breadcrumbs instead of numerical account IDs.

Features

  • Stack Native Implementation: Uses Terraform templates to manage account aliases as infrastructure
  • Smart Priority Logic: Existing aliases take precedence over organization names
  • Robust Name Sanitization: Converts organization names to AWS-compliant aliases (lowercase, alphanumeric + hyphens, 3-63 chars)
  • Flexible Configuration: Defaults to Check mode with option to enable Enforce mode
  • Comprehensive Documentation: Includes examples, sanitization rules, and usage instructions

How It Works

  1. Account has alias: Do nothing (existing alias takes precedence)
  2. Account has organization name only: Create alias from sanitized organization name
  3. Account has neither: Do nothing (account number displays)

Example

Before:
After:

Files Added

  • policy_packs/aws/guardrails/enforce_account_organization_name_display/
    • main.tf - Policy pack definition
    • policies.tf - Stack Native policy settings
    • providers.tf - Terraform provider configuration
    • README.md - Comprehensive documentation

Testing

The policy pack follows all policy pack guidelines and includes:

  • Proper directory structure and naming conventions
  • Check mode as default with Enforce option
  • Complete documentation with examples
  • AWS-compliant name sanitization logic

- Python script to report Guardrails errors and alarms
- Support for multiple output formats (text, JSON, CSV)
- Flexible filtering by resource type, states, and time windows
- Command-line interface with comprehensive options
- Integration with Turbot CLI via _turbot.py module
- Comprehensive documentation and examples
…ror_report

- Add --insecure flag to disable SSL certificate verification for self-signed certs
- Add shebang line and make script executable for direct execution
- Add comprehensive test suite with 36 unit tests (89% coverage)
- Update README with SSL feature, testing docs, and chmod instructions
- Add pytest dependencies to requirements.txt
- Move from error-reporting/ to turbot_error_report/ under python_utils/
- Add case-sensitive state validation with helpful error messages
- Require full URIs for --resource-type (remove short form support)
- Add custom error handler with help instructions for all validation errors
- Update tests to cover new validation logic and URI requirements
- Update README with URI-only examples and clearer documentation
- Change timestamp filter from 'timestamp' to 'stateChangeTimestamp'
- Ensures script results match UI reports exactly
- Update unit tests to use correct field name
- Restore original .gitignore from main branch
- These changes were accidentally included in the initial commit
- PR should only contain error reporting utility changes
- The main README.md was accidentally deleted in the initial commit
- This PR should only add the error reporting utility, not modify existing files
- Restore original README.md from main branch
- Create policy pack to automatically set AWS account aliases using organization names
- Use Stack Native policies to manage account aliases as infrastructure
- Implement priority logic: existing aliases take precedence over organization names
- Add robust name sanitization (lowercase, alphanumeric + hyphens, 3-63 chars)
- Default to Check mode with option to enable Enforce mode
- Include comprehensive documentation with examples and sanitization rules
- Follow policy pack guidelines with proper directory structure and naming
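The sanitization rule and the three-case priority logic from the PR description, as an added Python sketch; it is not the policy pack's own Terraform or template code. The function names `sanitize_alias` and `desired_alias` are hypothetical, the regular expression is the alias pattern given in the IAM CreateAccountAlias API reference, and the sample names in the comments are constructed.

```python
import re
from typing import Optional

# Alias pattern from the IAM CreateAccountAlias API reference: 3-63 chars,
# lowercase letters, digits and single hyphens, no leading or trailing hyphen.
ALIAS_RE = re.compile(r"^[a-z0-9]([a-z0-9]|-(?!-)){1,61}[a-z0-9]$")


def sanitize_alias(org_name: str) -> Optional[str]:
    """Derive an alias from an organization account name.

    Returns None when no valid alias can be formed (for example the name
    collapses to fewer than 3 usable characters), so the caller skips the
    account instead of submitting a value the API would reject.
    """
    alias = org_name.lower()
    # Collapse every run of disallowed characters into one hyphen; this also
    # rules out the consecutive hyphens that the pattern forbids.
    alias = re.sub(r"[^a-z0-9]+", "-", alias)
    # Truncate first, then trim: cutting at 63 can leave a trailing hyphen.
    alias = alias[:63].strip("-")
    return alias if ALIAS_RE.fullmatch(alias) else None


def desired_alias(existing_alias: Optional[str],
                  org_name: Optional[str]) -> Optional[str]:
    """Alias to create for an account, or None when nothing should change."""
    if existing_alias:   # case 1: an existing alias takes precedence
        return None
    if not org_name:     # case 3: no alias and no organization name
        return None
    return sanitize_alias(org_name)  # case 2: None here means "unusable name"


if __name__ == "__main__":
    # Constructed sample accounts: (existing alias, organization account name)
    samples = [
        ("legacy-alias", "Prod Payments"),
        (None, "Prod / Payments (EU)"),
        (None, "QA"),
        (None, None),
    ]
    for existing, name in samples:
        print(f"{existing!r:16} {name!r:26} -> {desired_alias(existing, name)!r}")
```

Account aliases are unique across AWS, so two organization names that sanitize to the same string, or to an alias another AWS account already holds, cannot both be applied; that check needs the live API and is outside this sketch.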