3 Respostas
- Mais recentes
- Mais votos
- Mais comentários
1
When you've got full administrator access but are still getting denied, see if there is a Service Control Policy (SCP) attached to the account or organizational unit. Your permissions are the overlap between what the SCP allows/denies and what your IAM policies allow/deny.
When you enable AWS Control Tower, it automatically applies guardrails, including preventing such actions as disabling the AWS Config recorder, which makes sense since that is an important tool for maintaining compliance.
respondido há um ano
0
Is the operation prevented by the SCP?
Check the SCP of the OU to which the account belongs.
If guardrails are set up on the control tower, they may be rejected by SCP.
https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html
Conteúdo relevante
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 anos
Thanks for the comments, I have disabled the config long back ago with your inputs. I just modified the SCP policy and stoped the AWS config.