feat: Enhance account-nuke.sh with SSO filters

[venkatamutyala]

User description

Added filters for SSO resources in account-nuke script.

---

PR Type

Enhancement

---

Description

• Added SSO resource filters to account-nuke script

• Configured exclusions for AWS SSO SAML providers and roles

• Enhanced script to preserve SSO infrastructure during cleanup

---

Diagram Walkthrough

flowchart LR
  A["account-nuke.sh"] --> B["common preset"]
  A --> C["new sso preset"]
  C --> D["IAMSAMLProvider filter"]
  C --> E["IAMRole filter"]
  C --> F["IAMRolePolicyAttachment filter"]

Loading

File Walkthrough

	Relevant files
Enhancement	account-nuke.sh Add SSO resource preservation filters                                        tools/aws/account-nuke.sh Added new sso preset with filters for SSO resources Configured regex filter for IAMSAMLProvider with pattern AWSSSO_.*_DO_NOT_DELETE Added glob filters for IAMRole and IAMRolePolicyAttachment with pattern AWSReservedSSO_* +12/-0

---

[Copilot]

Pull Request Overview

This PR enhances the account-nuke script by adding SSO (Single Sign-On) resource filters to prevent accidental deletion of critical AWS SSO components during account cleanup operations.

Key changes:

• Added a new sso preset with filters for IAM SAML providers, roles, and policy attachments
• Implemented protection patterns for AWS Reserved SSO resources and SAML providers

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[codiumai-pr-agent-free]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
⚪	No custom compliance provided Follow the guide to enable custom compliance check.

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[codiumai-pr-agent-free]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Use property filter for clarity For the IAMRolePolicyAttachment filter, add property: "RoleName" to explicitly target the role name, making the filter more robust and its intent clearer. tools/aws/account-nuke.sh [59-61] IAMRolePolicyAttachment: -- type: "glob" +- property: "RoleName" + type: "glob" value: "AWSReservedSSO_*" Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly points out that filtering on the RoleName property is more explicit and robust for IAMRolePolicyAttachment than relying on a glob match against the default composite identifier (RoleName/PolicyArn).	Low
More