From fe6eeb2ad79ed2e2c68bbe7705c86930487c860f Mon Sep 17 00:00:00 2001
From: Sheena Todhunter
Date: Fri, 1 Mar 2024 09:07:26 -0800
Subject: [PATCH] fix: update resources that cannot be limited by region
---
 main.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 7f7b4fb..f2297b6 100644
--- a/main.tf
+++ b/main.tf
@@ -231,7 +231,6 @@ data "aws_iam_policy_document" "combined_policy_block" {
 # https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html
 not_actions = [
 "a4b:*",
- "access-analyzer:*",
 "acm:*",
 "aws-marketplace-management:*",
 "aws-marketplace:*",
@@ -258,8 +257,12 @@ data "aws_iam_policy_document" "combined_policy_block" {
 "pricing:*",
 "route53:*",
 "route53domains:*",
+ "route53-recovery-cluster:*",
+ "route53-recovery-control-config:*",
+ "route53-recovery-readiness:*",
 "s3:GetAccountPublic*",
 "s3:ListAllMyBuckets",
+ "s3:ListMultiRegionAccessPoints",
 "s3:PutAccountPublic*",
 "shield:*",
 "sts:*",
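Review bot: Dropping `"access-analyzer:*"` from `not_actions` in the first hunk tightens the policy, which the subject line does not mention. Assuming this statement is the region deny from the linked AWS example, Access Analyzer calls made outside the permitted regions will now be refused. Any analyzers that already exist in regions off the allow list could then no longer be read or deleted by principals the statement applies to, so it is worth checking for them before rollout and noting the change in the release notes. The statement's effect, condition and any exempted principals are outside the hunk, so the exact impact cannot be confirmed from here.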
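Review bot: The three `route53-recovery-*:*` entries added in the second hunk exempt every action of those services from the region restriction, including any that change state rather than only read it, and nothing in the file records why. They appear to follow the AWS example linked at the top of the list, so the wildcards are probably intended. I would say so next to them, for example `# Route 53 ARC is served from fixed regions; exempted per the AWS region-deny example (synced <DATE>)`, so a later reader can tell a deliberate exemption from drift. `s3:ListMultiRegionAccessPoints` is a single list action and widens the exemption very little. The `not_actions` list begins and ends outside the hunk.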