All Content tagged with Service Control Policy

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.

69 results
I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type. Policy example: ``` permit(principal, action, resource) when { resource is namespace::documen...
1 answer, 0 votes, 23 views, asked 3 days ago
I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...
3 answers, 0 votes, 60 views, asked 20 days ago
I want to implement SCPs to restrict AWS accounts linked to my AWS Organization from making outbound calls. The outbound calls should only be restricted to a specific set of websites. I need guidance ...
2 answers, 0 votes, 72 views, asked 2 months ago
I am looking to enable a service from SCP only for a certain time or if the date is not greater than a X date. How can I achieve this? Does SCP support the `aws:CurrentTime` condition?
3 answers, 0 votes, 95 views, asked 3 months ago
Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surpr...
2 answers, 0 votes, 177 views, asked 4 months ago
Hi AWS, we have a list of security controls as mentioned below. We are preferring the use of AWS Trusted Advisor and the Remediator to remediate them, but I am not sure if the Trusted Advisor will rem...
1 answer, 0 votes, 256 views, asked 4 months ago
Hi AWS, I am planning to write an SCP for the following: 1. MFA should be enabled for all IAM users. 2. Hardware MFA should be enabled for the root user. 3. MFA should be enabled for the root user M...
3 answers, 0 votes, 362 views, asked 4 months ago
Hi AWS, I am writing an SCP to enable **AWS Config** and **AWS GuardDuty**. The approved regions are `us-east-1`, `us-east-2`, `us-west-1`. Here is the SCP code: ``` { "Version": "2012-10-17", ...
2 answers, 0 votes, 333 views, asked 4 months ago
kind: Service metadata: name: test-nlb namespace: default annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp service.beta.kubernetes.io/aws-load-balancer-con...
2 answers, 0 votes, 218 views, asked 5 months ago
Hi AWS, I have created an SCP to explicitly deny use of AWS services other than 4 approved AWS regions, i.e. `us-east-1`, `us-east-2`, `us-west-1` and `us-west-2`. Here is the SCP code: ``` { "V...
1 answer, 0 votes, 289 views, asked 5 months ago
Hi AWS, we have recently deployed AWS Config Conformance packs to detect non-compliant resources and remediation was done manually. It has improved the performance score to a certain extent but now the...
2 answers, 0 votes, 233 views, asked 5 months ago
Hi in the [documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_evaluation.html#strategy_using_scps) there is an example regarding SCP evaluation * Sa...
3 answers, 0 votes, 236 views, asked 6 months ago