feat(iam-role-policy): filter out sso managed policies

ekristen · Oct 1, 2024 · dbbe474 · dbbe474
1 parent aee3915
commit dbbe474
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/resources/iam-role-policy.go b/resources/iam-role-policy.go
@@ -2,7 +2,6 @@ package resources
 
 import (
 	"context"
-
 	"fmt"
 	"strings"
 
@@ -41,6 +40,9 @@ func (e *IAMRolePolicy) Filter() error {
 	if strings.HasPrefix(e.rolePath, "/aws-service-role/") {
 		return fmt.Errorf("cannot alter service roles")
 	}
+	if strings.HasPrefix(e.rolePath, "/aws-reserved/sso.amazonaws.com/") {
+		return fmt.Errorf("cannot alter sso roles")
+	}
 	return nil
 }