2 Answers
0
I would recommend using IAM Permissions boundaries. They are an extra set of permissions that can be applied that can set max permissions for an IAM entity.
See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
answered 2 years ago
0
You can maybe attach an SCP at the org level that explicitly prohibits actions that you don't want users and roles in certain accounts to perform.
answered 2 years ago
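Added example, not part of either answer above and not AWS code: a simplified Python model of how an identity policy, a permissions boundary and an SCP combine into an effective decision. It matches on `Action` only (no `Resource`, `Condition` or `NotAction`), and every policy and function name in it is a constructed sample.

```python
from fnmatch import fnmatchcase

def _decide(policy, action):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy."""
    result = None
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        # Action names are case-insensitive and may use * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            result = "Allow"
    return result

def is_allowed(action, identity_policy, boundary=None, scp=None):
    """Allowed only if every attached layer allows and none explicitly denies."""
    layers = [identity_policy] + [p for p in (boundary, scp) if p is not None]
    decisions = [_decide(p, action) for p in layers]
    if "Deny" in decisions:
        return False
    return all(d == "Allow" for d in decisions)

# Constructed sample policies (assumptions for illustration).
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
READ_ONLY = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject"}]}
# Permissions boundary: caps the principal at S3 plus EC2 describe calls.
BOUNDARY = {"Statement": [{"Effect": "Allow",
                           "Action": ["s3:*", "ec2:Describe*"]}]}
# SCP: allow everything, then explicitly prohibit one action.
SCP = {"Statement": [{"Effect": "Allow", "Action": "*"},
                     {"Effect": "Deny", "Action": ["s3:DeleteBucket"]}]}

if __name__ == "__main__":
    for act in ("s3:GetObject", "iam:CreateUser", "s3:DeleteBucket"):
        print(act,
              "no guardrails:", is_allowed(act, ADMIN),
              "| boundary only:", is_allowed(act, ADMIN, BOUNDARY),
              "| boundary + SCP:", is_allowed(act, ADMIN, BOUNDARY, SCP))
```

The boundary and the SCP only limit what the identity policy grants; neither one grants access by itself, which is why `READ_ONLY` stays read-only even under a boundary that allows `s3:*`.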