Questions tagged with Service Control Policy
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I have this SCP attached to account A in my org:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"route53:ChangeResourceRecordSets"
...
1
answers
0
votes
191
views
asked 4 months agolg...
We have a SCP that denies resource creation of certain tags are not given for lambda function.
But I am trying to create a canary and it's corresponding tags are not getting promoted to lambda so it's...
1
answers
0
votes
169
views
asked 4 months agolg...
Hello ,
I just wanted to know for what all the security preventative
Controls of ec2 service which are high and critical and also SCP’s can be used to prevent them ? Do we have any documentation...
1
answers
0
votes
181
views
asked 4 months agolg...
Control Tower SCPlg...
I deployed Control Tower manually. Then I enabled multiple Controls manually to an OU under which there is my workload account. As soon as deployed all controls, I started getting multiple issues. it...
2
answers
0
votes
817
views
asked 4 months agolg...
Hello, I started a project that aims to prevent the creation of certain resources if they do not have certain Tags. Following this documentation...
4
answers
2
votes
385
views
asked 5 months agolg...
In addition to the native FullAWSAccess SCP, I have 2 SCPs at the root of my organization
* Block root user access https://asecure.cloud/a/scp_root_account/
* Deny region based on...
2
answers
0
votes
246
views
asked 5 months agolg...
Our AWS org has duplicate SCPs from Control Tower. They are the exact same policy document. But applied to different OUs. I have a couple of questions.
1) Where do the duplicates come from? And will...
1
answers
0
votes
497
views
asked 5 months agolg...
I have a AWS organization with 2 member accounts, applied a SCP at the root OU allowing allow actions on all resources. However I’m having an issue accessing IAM from the root account of one of the...
2
answers
0
votes
597
views
asked 7 months agolg...
Hello team ,
How can we configure securityhub , cloudtrail , guardduty and config for the accounts I have provided via AFT ?
2
answers
0
votes
343
views
asked 8 months agolg...
I created an SCP (service control policy) in my AWS organization restricting resource write-access to four regions (us-east-1, eu-west-1, eu-central-1, eu-central-2) but with an exception for a...
7
answers
0
votes
272
views
asked 8 months agolg...
## Service Control Policies uninformative error messages
Hello, I am testing out implementing company-wide SCPs to enforce resources being created with the correct tags. When in effect, I noticed that...
1
answers
0
votes
539
views
asked 8 months agolg...
Hi,
I'm trying to create a SCP to prevent users from modifying specific resources based on a specific tag.
This is the policy I've applied, but I can still modify name, tags and other on the different...
1
answers
0
votes
1072
views
asked 9 months agolg...