2 Answers
1
Can you check if your SCP is attached to the target account where you are testing and trying to enable it from a non-approved region?
Your policy looks correct; I tested it and it works as expected:
Then I tried to enable Config in Mumbai and N. Virginia and saw the results:
Mumbai: Denied
N. Virginia: Allowed
1
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Maybe you are testing it on the Management (Master) account?
You can't use SCPs to restrict the following tasks:
Any action performed by the management account
Yes, it is @secondabhi_aws
Your policy doesn't have any problem; I just tested it and it works as expected. Just select your SCP from the Organizations console and see the targets; make sure the account where you are trying is added as a target.
Were you able to find out the problem?
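
The two checks suggested in the answers above (is the SCP attached to the account or one of its parents, and is the account the management account) can be scripted. This is an added example, not part of the original thread: it relies on the Organizations API calls `describe_organization`, `list_targets_for_policy` and `list_parents`, while `diagnose_scp`, `FakeOrg`, the policy ID and all account/OU IDs are constructed for illustration.

```python
def _pages(call, key, **kwargs):
    """Collect one result list across NextToken pages."""
    items, token = [], None
    while True:
        resp = call(**kwargs, **({"NextToken": token} if token else {}))
        items += resp[key]
        token = resp.get("NextToken")
        if not token:
            return items

def diagnose_scp(org, policy_id, account_id):
    """Return (in_effect, reason) for one SCP and one account."""
    # SCPs never restrict the management account, whatever they are attached to.
    if org.describe_organization()["Organization"]["MasterAccountId"] == account_id:
        return False, "management account: SCPs do not restrict it"
    targets = {t["TargetId"] for t in
               _pages(org.list_targets_for_policy, "Targets", PolicyId=policy_id)}
    # Walk account -> OU(s) -> root; an attachment at any level covers the account.
    node, node_type = account_id, "ACCOUNT"
    while True:
        if node in targets:
            return True, f"attached at {node}"
        if node_type == "ROOT":
            return False, "not attached to the account, its OUs or the root"
        parent = _pages(org.list_parents, "Parents", ChildId=node)[0]
        node, node_type = parent["Id"], parent["Type"]

class FakeOrg:
    """Constructed stand-in for boto3.client('organizations'); every ID is made up."""
    parents = {"222222222222": ("ou-ab12-sandbox1", "ORGANIZATIONAL_UNIT"),
               "333333333333": ("r-ab12", "ROOT"),
               "ou-ab12-sandbox1": ("r-ab12", "ROOT")}
    def describe_organization(self):
        return {"Organization": {"MasterAccountId": "111111111111"}}
    def list_targets_for_policy(self, PolicyId):
        # The SCP is attached to one OU only.
        return {"Targets": [{"TargetId": "ou-ab12-sandbox1",
                             "Type": "ORGANIZATIONAL_UNIT"}]}
    def list_parents(self, ChildId):
        pid, ptype = self.parents[ChildId]
        return {"Parents": [{"Id": pid, "Type": ptype}]}

if __name__ == "__main__":
    for acct in ("111111111111", "222222222222", "333333333333"):
        print(acct, diagnose_scp(FakeOrg(), "p-examplescp", acct))
```

Against a real organization, pass `boto3.client("organizations")` (called from the management account or a delegated administrator) in place of `FakeOrg()`.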