Plan Resources Exclusion
Overview
The Plan resources exclusion feature enables you to exclude specific resources from actions or changes initiated by plan items.
Excluding resources
Finding the plan resource data
you will need the following plan item data:
- : In the jit/jit-plan file (located in the repository selected for the integration), copy the slug (located in the uses section of jit/jit-plan of the plan item that contains the resources you want to exclude and add it to your jit-config.yml file.
Example: item-cloud-security-posture-management(AWS Security Hub plan item slug).
- : Replace this with the name of the resource you wish to exclude. Copy the resource identifier to from Settings -> Manage Resources in the Jit platform.
Resource type | Location of resource identifier in UI |
---|---|
AWS Account, GCP, Azure | Under the Account column of your resource. |
Github repository | Under the Repository column of your resource. |
Github organization | The organization's name. |
- (Optional) Type: This field is used to distinguish between two resources that are of different types but share the same identifier, like a GitHub repository named Jit under an organization named Jit. Enter one of the following values into the Type field:
Value | Description |
---|---|
repo | A code repository. |
org | Organization. |
aws_account | AWS account. |
gcp_account | Google Cloud Platform account. |
azure_account | Microsoft Azure account. |
web | Web application resource. |
api | API resource. |
Excluding resources in GitHub
The contents of your jit-config.yml file will vary depending on your enabled features and integrations. Other features that may impact your jit-config.yml file are discussed in Security as Code Configuration.
-
Open the jit-config.yml file located in the .jit directory of the repository selected for GitHub integration.
-
Add the following section to the end of the file:
resource_management:
exclude:
plan_items:
<plan item slug>:
resources:
- name: <resource identifier>
type: <type [OPTIONAL]>
- Save your changes to the jit-config.yml file.
Excluding resources in other SCMs
Use Jit's 'Update configuration file' API endpoint. For more information, please see API: Update configuration file.
Updated 5 months ago