3 Answers
1
When you've got full administrator access but are still getting denied, see if there is a Service Control Policy (SCP) attached to the account or organizational unit. Your permissions are the overlap between what the SCP allows/denies and what your IAM policies allow/deny.
When you enable AWS Control Tower, it automatically applies guardrails, including preventing such actions as disabling the AWS Config recorder, which makes sense since that is an important tool for maintaining compliance.
answered a year ago
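The overlap described in the answer above, as an added example that is not part of the original answer: a simplified evaluator showing why an identity with an `Allow *` IAM policy is still denied when an SCP carries an explicit `Deny`. The policies are constructed samples (not the actual Control Tower guardrail text), the function names are hypothetical, and the model ignores `Resource`, `Condition`, `NotAction`, the per-level OU hierarchy and permissions boundaries.

```python
from fnmatch import fnmatchcase

# Constructed sample policies, not copied from a real account.
ADMIN_IAM_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
FULL_ACCESS_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
GUARDRAIL_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny",
     "Action": ["config:StopConfigurationRecorder",
                "config:DeleteConfigurationRecorder"],
     "Resource": "*"}]}


def _as_list(value):
    """Policy elements may be a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    """True if the statement's Action patterns cover `action` (case-insensitive, * wildcard)."""
    patterns = _as_list(statement.get("Action", []))
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def layer_verdict(policies, action):
    """Verdict of one policy layer: explicit-deny beats allow, no match is implicit-deny."""
    effects = {s["Effect"]
               for p in policies
               for s in _as_list(p["Statement"])
               if _matches(s, action)}
    if "Deny" in effects:
        return "explicit-deny"
    return "allow" if "Allow" in effects else "implicit-deny"


def evaluate(action, scps, iam_policies):
    """The request succeeds only if BOTH the SCP layer and the IAM layer allow it."""
    scp = layer_verdict(scps, action)
    if scp != "allow":
        return False, f"SCP {scp}"
    iam = layer_verdict(iam_policies, action)
    if iam != "allow":
        return False, f"IAM {iam}"
    return True, "allowed by SCP and IAM"


if __name__ == "__main__":
    scps = [FULL_ACCESS_SCP, GUARDRAIL_SCP]
    for act in ("config:StopConfigurationRecorder", "config:DescribeConfigurationRecorders"):
        print(act, evaluate(act, scps, [ADMIN_IAM_POLICY]))
```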
0
Is the operation prevented by the SCP?
Check the SCP of the OU to which the account belongs.
If guardrails are set up in Control Tower, they may be rejected by SCP.
https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html
Thanks for the comments. I disabled the config long ago with your inputs. I just modified the SCP policy and stopped AWS Config.