Questions tagged with Service Control Policy
I am trying to understand SCP Deny policy with NotAction and 2 negative conditions.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
...
```
1 answer, 0 votes, 65 views, asked 25 days ago
Hi Team, trying to get this to work, but it seems like we cannot fetch a parameter (stored in SSM Parameter Store) from within an SCP policy. I was trying this below policy but seems like this is not...
2 answers, 0 votes, 270 views, asked a month ago
Hi AWS, I need to create an AWS SCP that denies creation of EC2 that does not have tags, and allows EC2 creation with specific tag keys pre-defined. We are doing it as part of the FinOps management as we...
1 answer, 0 votes, 182 views, asked a month ago
There is an SCP to Deny access to Block Public Access settings in S3. The policy was later updated to Allow a specific Lambda function to perform this action. The updated policy is given below. The...
3 answers, 0 votes, 514 views, asked a month ago
We use Control Tower, Organizations, and IAM Identity Center for all of our accounts. In the management account, we have one prod OU that has a service control policy pre-attached by CT (the name...
1 answer, 0 votes, 138 views, asked a month ago
Deploy SCPs to OUs
Hi AWS, we have a set of JSON files containing SCP code stored in a version control tool, which we need deployed within AWS Control Tower to multiple OUs. How to do that?
1 answer, 0 votes, 125 views, asked a month ago
How do I turn off Trusted Advisor's "amazon rds reserved instance optimization" (check 1qazXsw23e) while keeping all other TA functions in place? What would need to be listed in an SCP?
2 answers, 0 votes, 107 views, asked 2 months ago
We have an organization with a couple of users. One of our users set up an EC2 instance that I cannot see in the management console. I am logging in as the "Management Account" for the organization. We...
1 answer, 0 votes, 156 views, asked 2 months ago
Have you ever wondered why terminating an EC2 instance doesn't require double confirmation through email, unlike other critical actions such as enabling services for payments? And why is the default...
1 answer, 0 votes, 635 views, asked 2 months ago
Dear Team - I have gone through https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/ . As per this we can create the SCP...
1 answer, 0 votes, 163 views, asked 2 months ago
I have this SCP attached to account A in my org:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "route53:ChangeResourceRecordSets"
...
```
1 answer, 0 votes, 142 views, asked 2 months ago
We have an SCP that denies resource creation if certain tags are not given for a Lambda function.
But I am trying to create a canary and its corresponding tags are not getting promoted to Lambda so it's...
1 answer, 0 votes, 131 views, asked 2 months ago