Plan Resources Exclusion

Overview

The plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.

Excluding resources

🚧

The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.

To exclude a resource—

1. Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.

2. Add the following section to the end of the file:

resource_management:
  exclude:
    plan_items:
      <plan item slug>:
        resources:
          - name: <resource identifier>
            type: <type [OPTIONAL]>

• <plan item slug>: In the .jit/jit-plan file (located in the repository selected for GitHub integration), copy the slug (located in the uses section of jit/jit-plan) of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
  Example: item-cloud-security-posture-management (AWS Security Hub plan item slug)

• <resource identifier>: Replace this with the name of the resource you wish to exclude. Copy the resource identifier from Settings -> Manage Resources in the Jit platform.

• (optional) type: This field is used to distinguish between two resources that are of different types but share the same identifier— such as a GitHub repository named "Jit" under an organization named "Jit." Enter one of the following values into the type field:

3. Save your changes to the jit-config.yml file.