Plan Resources Exclusion


The Plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.

Excluding resources


The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.

To exclude a resource

  1. Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.

  2. Add the following section to the end of the file:

      <plan item slug>:
          - name: <resource identifier>
            type: <type [OPTIONAL]>
  • : In the jit/jit-plan file (located in the repository selected for GitHub integration), copy the slug (located in the uses section of jit/jit-plan of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
    Example: item-cloud-security-posture-management(AWS Security Hub plan item slug).
  • : Replace this with the name of the resource you wish to exclude. Copy the resource identifier to from Settings -> Manage Resources in the Jit platform.
Resource typeLocation of resource identifier in UI
AWS Account, GCP, AzureUnder the Account column of your resource.
Github repositoryUnder the Repository column of your resource.
Github organizationThe organization's name.
  • (Optional) Type: This field is used to distinguish between two resources that are of different types but share the same identifier, like a GitHub repository named Jit under an organization named Jit. Enter one of the following values into the Type field:
repoA GitHub repository.
orgGitHub organization.
aws_accountAWS account.
gcp_account Google Cloud Platform account.
azure_account Microsoft Azure account.
webWeb application resource.
apiAPI resource.
  1. Save your changes to the jit-config.yml file.