3 Answers
- Newest
- Most votes
- Most comments
0
Hello,
Currently you can only use resources and conditions in your SCPs with Deny statements. Your policy is an Allow policy, which does not support those policy elements. See the docs here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
You should be able to invert the statements in the policy to create the same effect. For example, you can use NotAction instead of Action and use StringNotEquals instead of StringEquals in your policy condition.
Thanks,
Mike
answered 5 years ago
0
Hi,
MikeS-aws gave the correct answer below.. so removing my comment :-)
Edited by: RandyTakeshita on Sep 20, 2019 11:03 AM
answered 5 years ago
Relevant content
- asked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago