All Content tagged with Service Control Policy
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
Content language: English
Filter content
Select tags to filter
Sort by
Sort by most recent
77 results
i am planning on migrating claude from 3.5 to 4
and also want to implement cross region inference
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BedrockKnowledgeBaseA...
I have checked the documentation of both Service Control Policies (SCPs) and Resource Control Policies (RCPs) and I see that neither type impacts the effective permissions of any service-linked roles....
Purnaresa YEXPERT
published a month ago0 votes90 views
A practical guide to implementing IAM best practices using Service Control Policies
Hello everyone,
I'm facing a persistent issue while trying to create an IAM role for the Amazon Selling Partner API (SP-API), and I'm hoping someone in the community might have some insight, as I've ...
I'm working on locking down our AMI usage across our org and need to implement some Service Control Policies. I know AWS has some sample policies floating around for this kind of thing.
Anyone have a...
asked 4 months ago
Purnaresa YEXPERT
published 4 months ago0 votes357 views
This article demonstrates a proof of concept for implementing enterprise security governance to prevent unauthorized security group modifications while maintaining development team flexibility using A...
While I am trying to disable a control in a OU, I am getting the following error
OU: ou-dfas--wx12n3h2
Control: [CT.CLOUDFORMATION.PR.1] Disallow management of resource types, modules, and hooks wit...
So I just hopped back on AWS after a bit and tried creating a beanstalk environment to host my .NET Core 7.0 based web app and even though I am trying to use the available "aws-elasticbeanstalk-servic...
Hi,
i want to apply for accessing Bedrock Claude models but i get the error:
• Claude 3.5 Sonnet - User: arn:aws:sts::<id2>:assumed-role/AWSReservedSSO_AWSAdministratorAccess_<id/email> is not autho...
I’ve created a SCP to enforce tagging policies for EC2 resources by referencing the document "https://aws.amazon.com/pt/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-serv...
I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type.
Policy example:
```
permit(principal, action, resource) when { resource is namespace::documen...
I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...