From 228212b3187107c2afc5e3aac43a4aa161abbef1 Mon Sep 17 00:00:00 2001
From: Cody Wood
Date: Wed, 9 Jun 2021 21:05:52 -0600
Subject: [PATCH] https://github.com/aws-samples/aws-iam-permissions-guardrails/issues/18
---
 guardrails/macie/SCP-MACIE-1.json | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 guardrails/macie/SCP-MACIE-1.json
diff --git a/guardrails/macie/SCP-MACIE-1.json b/guardrails/macie/SCP-MACIE-1.json
new file mode 100644
index 0000000..790a893
--- /dev/null
+++ b/guardrails/macie/SCP-MACIE-1.json
@@ -0,0 +1,29 @@
+{
+ "Identifier": "SCP-MACIE-1",
+ "Guardrail": "Prevent Disabling Macie",
+ "Rationale": [
+ "Prevent someone disabling or deleting Macie intentionally or accidentally"
+ ],
+ "Test Scenarios": [
+ {
+ "Test-Scenario": "Disable Macie",
+ "Steps": [
+ "Log in to the AWS console with a role that is able to disable Macie and has Macie enabled",
+ "Disable Macie"
+ ],
+ "Expected-Result": "Access Denied"
+ }
+ ],
+ "References": [
+ "https://docs.aws.amazon.com/macie/"
+ ],
+ "Policy-Type": "SCP",
+ "SCP-Type": "Prevent-All",
+ "IAM Actions": [
+ "macie2:DisassociateFromMasterAccount",
+ "macie2:DisableOrganizationAdminAccount",
+ "macie2:DisableMacie",
+ "macie2:DeleteMember"
+ ],
+ "Resource": ["*"]
+}
\ No newline at end of file
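Review bot: The `IAM Actions` list in the new file does not cover `macie2:UpdateMacieSession`, which can set the Macie session status to PAUSED and so suspends Macie without ever calling `macie2:DisableMacie`; the "Disable Macie" test scenario would report Access Denied while the guardrail's stated intent ("prevent someone disabling ... Macie") is still bypassable through that path. `macie2:UpdateMemberSession`, `macie2:DisassociateMember` and `macie2:DisassociateFromAdministratorAccount` (the successor of the listed `DisassociateFromMasterAccount`) have the equivalent effect on member accounts and belong in the same deny list, e.g. adding `"macie2:UpdateMacieSession",` and `"macie2:DisassociateFromAdministratorAccount",` next to the existing entries. A second test scenario that pauses Macie via the API rather than disabling it from the console would exercise that path and keep the scenarios honest about what the SCP actually blocks. Keys mix spaces and hyphens (`Test Scenarios` vs `Test-Scenario`, `IAM Actions` vs `Policy-Type`); if the repository's other guardrail files use a fixed key set, this file should match it, and the file should end with a trailing newline.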