All Content tagged with Service Control Policy
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
69 results
I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type.
Policy example:
```
permit(principal, action, resource) when { resource is namespace::documen...
```
I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...
I want to implement SCPs to restrict AWS accounts linked to my AWS Organization from making outbound calls. The outbound calls should only be restricted to a specific set of websites. I need guidance ...
I am looking to enable a service from an SCP only for a certain time, or if the date is not greater than date X. How can I achieve this? Does SCP support the `aws:CurrentTime` condition?
Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surpr...
Hi AWS, we have a list of security controls as mentioned below. We are preferring the use of AWS Trusted Advisor and the Remediator to remediate them, but I am not sure if the Trusted Advisor will rem...
Hi AWS, I am planning to write an SCP for the following:
1. MFA should be enabled for all IAM users.
2. Hardware MFA should be enabled for the root user.
3. MFA should be enabled for the root user.
M...
Hi AWS, I am writing an SCP to enable **AWS Config** and **AWS GuardDuty**. The approved regions are `us-east-1`, `us-east-2`, `us-west-1`. Here is the SCP code:
```
{
  "Version": "2012-10-17",
...
```
```
kind: Service
metadata:
  name: test-nlb
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-con...
```
Hi AWS, I have created an SCP to explicitly deny use of AWS services other than 4 approved AWS regions, i.e. `us-east-1`, `us-east-2`, `us-west-1` and `us-west-2`. Here is the SCP code:
```
{
"V...
```
Hi AWS, we have recently deployed AWS Config Conformance packs to detect non-compliant resources and remediation was done manually. It has improved the performance score to a certain extent but now the...
Hi, in the [documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_evaluation.html#strategy_using_scps) there is an example regarding SCP evaluation
* Sa...