How to stop or disable AWS Config recorder in Control Tower

0

We have a Control Tower account. In that Control Tower, one of the accounts has had the AWS Config service enabled for a few weeks. We are trying to disable the service, but it shows the error "You do not have sufficient permission to perform this action". As I have admin-level privileges, I'm able to enable and disable the AWS Config service in other Control Tower accounts, but we are facing this issue in this particular account.

  • Thanks for the comments. I disabled Config long ago with your inputs. I just modified the SCP policy and stopped AWS Config.

3 Answers
1
Accepted Answer

When you've got full administrator access but are still getting denied, see if there is a Service Control Policy (SCP) attached to the account or organizational unit. Your permissions are the overlap between what the SCP allows/denies and what your IAM policies allow/deny.

When you enable AWS Control Tower, it automatically applies guardrails, including preventing such actions as disabling the AWS Config recorder, which makes sense since that is an important tool for maintaining compliance.

AWS
debbie
answered a year ago
EXPERT
reviewed 9 days ago
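
The overlap described in the accepted answer above, as an added example (not part of the original answers and not AWS code): a simplified Python evaluator showing why an administrator identity is still denied when an SCP explicitly denies the action. The policy documents and Sids are constructed for illustration; Condition and Resource elements are ignored, and the SCPs along the OU path are flattened into one list.

```python
import fnmatch

# Constructed sample policies for illustration; not copied from a real account.
SAMPLE_SCP = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ExampleProtectConfigRecorder", "Effect": "Deny", "Resource": "*",
     "Action": ["config:StopConfigurationRecorder",
                "config:DeleteConfigurationRecorder",
                "config:PutConfigurationRecorder"]},
    {"Sid": "ExampleAllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}
ADMIN_IAM = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ExampleAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _covers(stmt, action):
    """True if the statement's Action (or NotAction) element applies to action."""
    patterns = _as_list(stmt.get("Action", stmt.get("NotAction", [])))
    # IAM action names are case-insensitive and may use * and ? wildcards.
    hit = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit if "Action" in stmt else ("NotAction" in stmt and not hit)


def _find(policies, effect, action):
    """Return the first statement with this Effect that covers action, else None."""
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") == effect and _covers(stmt, action):
                return stmt
    return None


def evaluate(action, iam_policies, scps):
    """Simplified evaluation: ignores Condition and Resource, flattens the OU path."""
    layers = (("SCP", scps), ("IAM", iam_policies))
    for name, policies in layers:  # an explicit Deny in any layer always wins
        stmt = _find(policies, "Deny", action)
        if stmt:
            return "DENY", f"explicit Deny in {name} statement {stmt.get('Sid', '<no Sid>')}"
    for name, policies in layers:  # otherwise every layer must contain an Allow
        if _find(policies, "Allow", action) is None:
            return "DENY", f"no Allow in {name}"
    return "ALLOW", "allowed by both IAM and SCP"


if __name__ == "__main__":
    for act in ("config:StopConfigurationRecorder", "config:DescribeConfigurationRecorders"):
        print(act, "->", evaluate(act, [ADMIN_IAM], [SAMPLE_SCP]))
```

The returned reason names the statement that produced the deny, which is the statement to look for in the SCPs attached to the account's OU.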
0

This is a mandatory preventative control as a part of Control Tower implemented via an SCP.

AWS
EXPERT
kentrad
answered a year ago
0

Is the operation prevented by the SCP?
Check the SCP of the OU to which the account belongs.
If guardrails are set up on the Control Tower, they may be rejected by SCP.
https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html

EXPERT
answered a year ago
