3 Answers
1
When you've got full administrator access but are still getting denied, see if there is a Service Control Policy (SCP) attached to the account or organizational unit. Your permissions are the overlap between what the SCP allows/denies and what your IAM policies allow/deny.
When you enable AWS Control Tower, it automatically applies guardrails, including preventing such actions as disabling the AWS Config recorder, which makes sense since that is an important tool for maintaining compliance.
Answered a year ago
0
Is the operation prevented by the SCP?
Check the SCP of the OU to which the account belongs.
If guardrails are set up on Control Tower, they may be rejected by SCP.
https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html
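
The rule both answers rely on (an action succeeds only when the SCP and the IAM policy both allow it, and an explicit Deny in either wins), as an added example that is not part of the original thread or AWS's own code. The policy documents are constructed samples, and the model is simplified: it matches on `Action` only, ignores `Resource`, `Condition`, `NotAction` and the OU hierarchy, and treats all attached SCPs as one flat layer.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not copied from a real account or from Control Tower).
ADMIN_IAM_POLICY = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_PROTECT_CONFIG = {"Statement": [{
    "Effect": "Deny",
    "Action": ["config:StopConfigurationRecorder", "config:DeleteConfigurationRecorder"],
    "Resource": "*",
}]}


def _as_list(value):
    # Policy JSON allows a single item or a list in Statement and Action.
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    # Action names are case-insensitive; "*" and "?" act as wildcards.
    patterns = _as_list(statement["Action"])
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _decision(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one layer of policies."""
    effects = {
        s["Effect"]
        for p in policies
        for s in _as_list(p["Statement"])
        if _matches(s, action)
    }
    if "Deny" in effects:
        return "Deny"  # an explicit Deny always wins inside a layer
    return "Allow" if "Allow" in effects else "ImplicitDeny"


def evaluate(action, iam_policies, scps):
    """Both layers must allow the action; the result names the layer that blocks."""
    scp = _decision(scps, action)
    iam = _decision(iam_policies, action)
    if scp != "Allow":
        return f"denied by SCP ({scp})"
    if iam != "Allow":
        return f"denied by IAM ({iam})"
    return "allowed"


if __name__ == "__main__":
    scps = [SCP_FULL_ACCESS, SCP_PROTECT_CONFIG]
    for act in ("config:StopConfigurationRecorder", "config:DescribeConfigurationRecorders"):
        print(act, "->", evaluate(act, [ADMIN_IAM_POLICY], scps))
```
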
Thanks for the comments. I disabled the config long ago with your inputs. I just modified the SCP policy and stopped the AWS Config.