Plan Resources Exclusion

Overview

The Plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.

Excluding resources

🚧
The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.

To exclude a resource

Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.
Add the following section to the end of the file:

resource_management:
  exclude:
    plan_items:
      <plan item slug>:
        resources:
          - name: <resource identifier>
            type: <type [OPTIONAL]>

: In the jit/jit-plan file (located in the repository selected for GitHub integration), copy the slug (located in the uses section of jit/jit-plan of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
Example: item-cloud-security-posture-management(AWS Security Hub plan item slug).

: Replace this with the name of the resource you wish to exclude. Copy the resource identifier to from Settings -> Manage Resources in the Jit platform.

Resource type	Location of resource identifier in UI
AWS Account, GCP, Azure	Under the Account column of your resource.
Github repository	Under the Repository column of your resource.
Github organization	The organization's name.

(Optional) Type: This field is used to distinguish between two resources that are of different types but share the same identifier, like a GitHub repository named Jit under an organization named Jit. Enter one of the following values into the Type field:

Value	Description
repo	A GitHub repository.
org	GitHub organization.
aws_account	AWS account.
gcp_account	Google Cloud Platform account.
azure_account	Microsoft Azure account.
web	Web application resource.
api	API resource.

Save your changes to the jit-config.yml file.