Plan Resources Exclusion

Overview

The Plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.

Excluding resources

Finding the plan resource data

you will need the following plan item data:

  • : In the jit/jit-plan file (located in the repository selected for the integration), copy the slug (located in the uses section of jit/jit-plan of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
    Example: item-cloud-security-posture-management(AWS Security Hub plan item slug).
  • : Replace this with the name of the resource you wish to exclude. Copy the resource identifier to from Settings -> Manage Resources in the Jit platform.
Resource typeLocation of resource identifier in UI
AWS Account, GCP, AzureUnder the Account column of your resource.
Github repositoryUnder the Repository column of your resource.
Github organizationThe organization's name.
  • (Optional) Type: This field is used to distinguish between two resources that are of different types but share the same identifier, like a GitHub repository named Jit under an organization named Jit. Enter one of the following values into the Type field:
ValueDescription
repoA code repository.
orgOrganization.
aws_accountAWS account.
gcp_account Google Cloud Platform account.
azure_account Microsoft Azure account.
webWeb application resource.
apiAPI resource.

Excluding resources in GitHub

🚧

The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.

  1. Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.

  2. Add the following section to the end of the file:

resource_management:
  exclude:
    plan_items:
      <plan item slug>:
        resources:
          - name: <resource identifier>
            type: <type [OPTIONAL]>
  1. Save your changes to the jit-config.yml file.

Excluding resources in other SCMs

Use Jit's 'Update configuration file' API endpoint. For more information, please see API: Update configuration file.