Plan Resources Exclusion
Overview
The Plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.
Excluding resources
The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.
To exclude a resource
-
Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.
-
Add the following section to the end of the file:
resource_management:
exclude:
plan_items:
<plan item slug>:
resources:
- name: <resource identifier>
type: <type [OPTIONAL]>
- : In the jit/jit-plan file (located in the repository selected for GitHub integration), copy the slug (located in the uses section of jit/jit-plan of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
Example: item-cloud-security-posture-management(AWS Security Hub plan item slug).
- : Replace this with the name of the resource you wish to exclude. Copy the resource identifier to from Settings -> Manage Resources in the Jit platform.
Resource type | Location of resource identifier in UI |
---|---|
AWS Account, GCP, Azure | Under the Account column of your resource. |
Github repository | Under the Repository column of your resource. |
Github organization | The organization's name. |
- (Optional) Type: This field is used to distinguish between two resources that are of different types but share the same identifier, like a GitHub repository named Jit under an organization named Jit. Enter one of the following values into the Type field:
Value | Description |
---|---|
repo | A GitHub repository. |
org | GitHub organization. |
aws_account | AWS account. |
gcp_account | Google Cloud Platform account. |
azure_account | Microsoft Azure account. |
web | Web application resource. |
api | API resource. |
- Save your changes to the jit-config.yml file.
Updated 4 months ago