Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!
All Content tagged with Service Control Policy
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
Content language: English
Select tags to filter
Sort by most recent
72 results
While I am trying to disable a control in a OU, I am getting the following error
OU: ou-dfas--wx12n3h2
Control: [CT.CLOUDFORMATION.PR.1] Disallow management of resource types, modules, and hooks wit...
So I just hopped back on AWS after a bit and tried creating a beanstalk environment to host my .NET Core 7.0 based web app and even though I am trying to use the available "aws-elasticbeanstalk-servic...
Hi,
i want to apply for accessing Bedrock Claude models but i get the error:
• Claude 3.5 Sonnet - User: arn:aws:sts::<id2>:assumed-role/AWSReservedSSO_AWSAdministratorAccess_<id/email> is not autho...
I’ve created a SCP to enforce tagging policies for EC2 resources by referencing the document "https://aws.amazon.com/pt/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-serv...
I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type.
Policy example:
```
permit(principal, action, resource) when { resource is namespace::documen...
I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...
I want to implement SCPs to restrict AWS accounts linked to my AWS Organization from making outbound calls. The outbound calls should only be restricted to a specific set of websites. I need guidance ...
I am looking to enable a service from SCP only for certain time or if the date is not greater than a X date, how can i achieve this does SCP supports `aws:CurrentTime` condition ?
asked 8 months ago
Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surpr...
Hi AWS, we have a list of security controls as mentioned below. We are preferring the use of AWS Trusted Advisor and the Remediator to remediate them, but I am not sure if the Trusted Advisor will rem...
asked 9 months ago
Hi AWS, I am planning to write an SCP for the following:
1. MFA should be enabled for all IAM users.
2. Hardware MFA should be enabled for the root user.
3. MFA should be enabled for the root user
M...
asked 9 months ago
Hi AWS, I am writing an SCP to enable **AWS Config** and **AWS GuardDuty**. The approved regions are `us-east-1`, `us-east-2`, `us-west-1`. Here is the SCP code:
```
{
"Version": "2012-10-17",
...
asked 9 months ago