All Content tagged with Service Control Policy

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.

72 results
While I am trying to disable a control in an OU, I am getting the following error OU: ou-dfas--wx12n3h2 Control: [CT.CLOUDFORMATION.PR.1] Disallow management of resource types, modules, and hooks wit...
1 answer, 0 votes, 30 views, asked 7 days ago
So I just hopped back on AWS after a bit and tried creating a beanstalk environment to host my .NET Core 7.0 based web app and even though I am trying to use the available "aws-elasticbeanstalk-servic...
1 answer, 0 votes, 66 views, asked a month ago
Hi, I want to apply for accessing Bedrock Claude models but I get the error: • Claude 3.5 Sonnet - User: arn:aws:sts::<id2>:assumed-role/AWSReservedSSO_AWSAdministratorAccess_<id/email> is not autho...
1 answer, 1 vote, 73 views, asked 3 months ago
I’ve created an SCP to enforce tagging policies for EC2 resources by referencing the document "https://aws.amazon.com/pt/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-serv...
2 answers, 0 votes, 132 views, asked 4 months ago
I am trying to implement a very simple policy on AVP where the "when" clause checks on the resource type. Policy example: ``` permit(principal, action, resource) when { resource is namespace::documen...
1 answer, 0 votes, 92 views, asked 5 months ago
I have an Org with a few OUs and an "S3 only" account living in one of the OUs. I attached an SCP to the account that essentially says "allow S3" and nothing else. Isn't there supposed to be implici...
3 answers, 0 votes, 140 views, asked 6 months ago
I want to implement SCPs to restrict AWS accounts linked to my AWS Organization from making outbound calls. The outbound calls should only be restricted to a specific set of websites. I need guidance ...
2 answers, 0 votes, 240 views, asked 7 months ago
I am looking to enable a service from SCP only for a certain time or if the date is not greater than an X date. How can I achieve this? Does SCP support the `aws:CurrentTime` condition?
3 answers, 0 votes, 175 views, asked 8 months ago
Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surpr...
2 answers, 0 votes, 222 views, asked 9 months ago
Hi AWS, we have a list of security controls as mentioned below. We are preferring the use of AWS Trusted Advisor and the Remediator to remediate them, but I am not sure if the Trusted Advisor will rem...
1 answer, 0 votes, 332 views, asked 9 months ago
Hi AWS, I am planning to write an SCP for the following: 1. MFA should be enabled for all IAM users. 2. Hardware MFA should be enabled for the root user. 3. MFA should be enabled for the root user M...
3 answers, 0 votes, 423 views, asked 9 months ago
Hi AWS, I am writing an SCP to enable **AWS Config** and **AWS GuardDuty**. The approved regions are `us-east-1`, `us-east-2`, `us-west-1`. Here is the SCP code: ``` { "Version": "2012-10-17", ...
2 answers, 0 votes, 381 views, asked 9 months ago