Questions tagged with Service Control Policy
Creating encrypted (root volume encrypted) ec2 instance but still SCP blocking launch of instance
Hi Team, here is the situation -
I have scp on my account which would block "ec2:runInstance" if ebs is not encrypted. Now I am using CFT where I specifically used encryption key to encrypt the...
1 answer, 0 votes, 183 views, asked 14 days ago
Hi all,
I'm working on an automation process that creates a **WAFv2 WebACL** whenever a **CloudFront distribution** is created, using **EventBridge** and **Step Functions**.
The automation should...
2 answers, 1 vote, 441 views, asked 19 days ago
I am trying to understand SCP Deny policy with NotAction and 2 negative condition.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
...
```
1 answer, 0 votes, 110 views, asked 2 months ago
Hi Team, trying to get this work but seems like we can not fetch parameter ( stored in SSM parameter store) from within a SCP policy. I was trying this below policy but seems like this is not...
2 answers, 0 votes, 319 views, asked 2 months ago
Hi AWS, I need to create aws SCP that denies creation of EC2 that does not have tags, and allows EC2 creation with specific tag keys pre-defined. We are doing it as part of the FinOps management as we...
1 answer, 0 votes, 223 views, asked 2 months ago
There is a SCP to Deny access to Block Public Access settings in S3. The policy was later updated to Allow a specific lambda function to perform this action. The updated policy is given below. The...
3 answers, 0 votes, 572 views, asked 2 months ago
we use control tower, organizations, and iam identity center, for all of our accounts. in the management account, we have one prod OU that has an service control policies pre-attached by CT (the name...
1 answer, 0 votes, 193 views, asked 2 months ago
Deploy SCPs to OUs
Hi AWS, we have some set of JSON files having SCPs code stored in a version control tool which we need deployed within AWS Control Tower to about multiple OUs. How to do that?
1 answer, 0 votes, 161 views, asked 3 months ago
How do I turn off Trusted Advisor's "amazon rds reserved instance optimization" (check 1qazXsw23e) while keeping all other TA functions in place? What would need to be listed in an SCP?
2 answers, 0 votes, 346 views, asked 3 months ago
We have an organization with a couple of users. One of our users set up an EC2 instance that I cannot see in the management console. I am logging in as the "Management Account" for the organization. We...
1 answer, 0 votes, 190 views, asked 3 months ago
Have you ever wondered why terminating an EC2 instance doesn't require double confirmation through email, unlike other critical actions such as enabling services for payments? And why is the default...
1 answer, 0 votes, 664 views, asked 3 months ago
Dear Team - I have gone through https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/ . As per this we can create the SCP...
1 answer, 0 votes, 222 views, asked 3 months ago