Questions tagged with Service Control Policy
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I know we can (and have) locked down access to specific AWS regions. My question is, is it possible to lockdown AZ's with service control policies?
2
answers
0
votes
369
views
asked 2 years agolg...
Hello if you use the Region deny option in AWS Control Tower ist set the Guardrail: Deny access to AWS based on the requested AWS RegionInfo. In this Guardrail the SCP is missing the global Service...
1
answers
0
votes
623
views
asked 2 years agolg...
After attaching the above SCP policy to an account, I am unable (with Administrator access) to launch an instance with all the compliant tags. The policy is working fine when I deploy an instance with...
1
answers
0
votes
546
views
asked 2 years agolg...
I'm trying to set up permissions so that my users can create roles and policies and use them to give AWS resources access to other AWS resources, but not use them to give humans access to AWS...
2
answers
0
votes
1566
views
asked 2 years agolg...
Hello All,
Using Landing Zone. Each sub account has its own admin users. I would like to implement this as a service control policy from the main account.
We have a job workflow in github actions...
1
answers
0
votes
546
views
asked 2 years agolg...
We would like to control which services are available for use in which accounts and regions while still being able to review everything:
- Allow ReadOnly across all services in all regions
- Allow...
1
answers
2
votes
337
views
asked 2 years agolg...
I would like to create an SCP to enforce encryption on SNS creation. I am creating the below policy but it failed.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect":...
1
answers
0
votes
514
views
asked 2 years agolg...
Hi,
I am searching for a (programmatically checkable) list of all API calls for AWS services.
Background is the usage of allow/deny of specific services in a service control policy (SCP).
For...
1
answers
0
votes
1339
views
asked 2 years agolg...
I want create a IAM policy/Tagging policy / SCP that should allow me to enforce user to create/add tags that are mandatory(mentioned in the policy), when they create resource(EC2,S3,VPC etc) on...
3
answers
0
votes
6160
views
asked 2 years agolg...