From d9caa4fb8a00a8c1436325d9e773a3a459bb52d7 Mon Sep 17 00:00:00 2001
From: hcornet
Date: Thu, 20 Nov 2025 15:51:12 +0100
Subject: [PATCH] update
---
 Access_Controls-Policies-Rule_Groups.tf | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/Access_Controls-Policies-Rule_Groups.tf b/Access_Controls-Policies-Rule_Groups.tf
index 2909116..c3a82ba 100644
--- a/Access_Controls-Policies-Rule_Groups.tf
+++ b/Access_Controls-Policies-Rule_Groups.tf
@@ -163,6 +163,33 @@ locals {
 purpose_justification = true
 purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
 }
+ aws = {
+ name = "AWS Cloud Policy"
+ include_groups = ["sales_engineering"]
+ require_posture = true
+ require_mfa = true
+ }
+ okta = {
+ name = "Okta Cloud Policy"
+ include_groups = ["it_admin"]
+ require_posture = true
+ require_mfa = true
+ }
+ meraki = {
+ name = "Meraki Cloud Policy"
+ include_groups = ["it_admin"]
+ require_posture = true
+ require_mfa = true
+ }
+ domain_controller = {
+ name = "Domain Controller Policy"
+ include_groups = ["it_admin", "contractors"]
+ require_posture = true
+ require_mfa = true
+ require_country = true
+ purpose_justification = true
+ purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this sensitive resource."
+ }
 }
 }
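Review bot: In the `domain_controller` entry, `include_groups = ["it_admin", "contractors"]` admits the whole contractors group to the policy whose own prompt calls the target a sensitive resource, while the other three new entries are each limited to a single group. Unless every contractor needs domain-controller access, narrow it to `include_groups = ["it_admin"]` or to a dedicated, smaller group, and add a comment recording who approved the contractor access and when it is reviewed. The `okta` entry also omits the `require_country` and `purpose_justification` settings used here, although it presumably governs the identity provider's admin surface; consider adding `require_country = true` there as well. The `locals` block begins outside the hunk, so how these flags are consumed and what defaults apply to omitted keys is not visible.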