All Content tagged with Service Control Policy

While I am trying to disable a control in a OU, I am getting the following error OU: ou-dfas--wx12n3h2 Control: [CT.CLOUDFORMATION.PR.1] Disallow management of resource types, modules, and hooks wit...

So I just hopped back on AWS after a bit and tried creating a beanstalk environment to host my .NET Core 7.0 based web app and even though I am trying to use the available "aws-elasticbeanstalk-servic...

Hi, i want to apply for accessing Bedrock Claude models but i get the error: • Claude 3.5 Sonnet - User: arn:aws:sts::<id2>:assumed-role/AWSReservedSSO_AWSAdministratorAccess_<id/email> is not autho...

I’ve created a SCP to enforce tagging policies for EC2 resources by referencing the document "https://aws.amazon.com/pt/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-serv...

I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type. Policy example: ``` permit(principal, action, resource) when { resource is namespace::documen...

I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...

I want to implement SCPs to restrict AWS accounts linked to my AWS Organization from making outbound calls. The outbound calls should only be restricted to a specific set of websites. I need guidance ...

I am looking to enable a service from SCP only for certain time or if the date is not greater than a X date, how can i achieve this does SCP supports `aws:CurrentTime` condition ?

Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surpr...

Hi AWS, we have a list of security controls as mentioned below. We are preferring the use of AWS Trusted Advisor and the Remediator to remediate them, but I am not sure if the Trusted Advisor will rem...

Hi AWS, I am planning to write an SCP for the following: 1. MFA should be enabled for all IAM users. 2. Hardware MFA should be enabled for the root user. 3. MFA should be enabled for the root user M...

Hi AWS, I am writing an SCP to enable **AWS Config** and **AWS GuardDuty**. The approved regions are `us-east-1`, `us-east-2`, `us-west-1`. Here is the SCP code: ``` { "Version": "2012-10-17", ...