Checks/Aws/Test-OrganizationsScpCheckDenyRegions.ps1
function Test-OrganizationsScpCheckDenyRegions {
    <#
    .SYNOPSIS
        AWS Organization restricts operations to only the configured AWS Regions with SCP policies

    .DESCRIPTION
        **AWS Organizations SCPs** limit account actions to approved regions using conditions on `aws:RequestedRegion`.

        This evaluates whether policies exist and fully restrict access to the configured allowlist, rather than only some regions.

    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: organizations_scp_check_deny_regions

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check organizations_scp_check_deny_regions for reference.', 'N/A', 'organizations Resources')
}
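One way to evaluate a single SCP document against a region allowlist, as the description above calls for. This is an added example, not code from this module or from Prowler; the function name `Get-ScpRegionRestriction`, the `Full`/`Partial`/`None` labels, the exact-match rule and the sample policy are assumptions.

```powershell
# Added example; function name, result labels and sample policy are assumptions.
function Get-ScpRegionRestriction {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)] [string]$PolicyJson,
        [Parameter(Mandatory)] [string[]]$AllowedRegions
    )
    $wanted = @($AllowedRegions | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique)
    $result = 'None'
    # Statement may be one object or an array; @() normalises both.
    foreach ($stmt in @(($PolicyJson | ConvertFrom-Json).Statement)) {
        # Deny + StringNotEquals blocks every region outside the list;
        # Allow + StringEquals permits only the listed regions.
        $operator = switch ($stmt.Effect) {
            'Deny'  { 'StringNotEquals' }
            'Allow' { 'StringEquals' }
        }
        if (-not $operator -or -not $stmt.Condition) { continue }
        $raw = $stmt.Condition.$operator.'aws:RequestedRegion'
        if (-not $raw) { continue }
        $regions = @($raw | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique)
        # An exact match with the allowlist is a full restriction; any other
        # region condition restricts only some regions.
        if (-not (Compare-Object $wanted $regions)) { return 'Full' }
        $result = 'Partial'
    }
    return $result
}

# Constructed sample SCP, not taken from a real organization.
$sampleScp = @'
{ "Version": "2012-10-17",
  "Statement": [ { "Sid": "DenyOutsideApprovedRegions", "Effect": "Deny",
    "Action": "*", "Resource": "*",
    "Condition": { "StringNotEquals": {
      "aws:RequestedRegion": [ "eu-west-1", "eu-central-1" ] } } } ] }
'@

# Allowlist identical to the policy's region set.
Get-ScpRegionRestriction -PolicyJson $sampleScp -AllowedRegions 'eu-central-1', 'eu-west-1'
# Allowlist containing a region the policy does not name.
Get-ScpRegionRestriction -PolicyJson $sampleScp -AllowedRegions 'eu-west-1', 'eu-central-1', 'us-east-1'
```

The function inspects policy content only; whether the SCP is attached to the organization root or the relevant OUs has to be verified separately.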