-
Notifications
You must be signed in to change notification settings - Fork 0
Compliance
ServerlessSam edited this page Jan 31, 2023
·
3 revisions
BetterCF can be initialised in one of three modes. You specify your mode during the bettercf init CLI call by adding --mode standard/governance/compliance. By default, standard mode is used.
Little to no protection for your templates. You are to own your own security, via IAM policies.
There is an added layer of protection, restricting AWS users from being able to delete/alter an existing template unless they have the s3:BypassGovernanceRetention IAM action allowed.
Any templates pushed are immutable to all AWS users for 10 years. There is no way to delete or alter those templates. Use this mode with caution.