Questions tagged with Service Control Policy
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
Hello ,
I just wanted to know for what all the security preventative
Controls of ec2 service which are high and critical and also SCP’s can be used to prevent them ? Do we have any documentation...
1
answers
0
votes
142
views
asked 3 months agolg...
Control Tower SCPlg...
I deployed Control Tower manually. Then I enabled multiple Controls manually to an OU under which there is my workload account. As soon as deployed all controls, I started getting multiple issues. it...
1
answers
0
votes
603
views
asked 3 months agolg...
Hello, I started a project that aims to prevent the creation of certain resources if they do not have certain Tags. Following this documentation...
4
answers
2
votes
260
views
asked 3 months agolg...
In addition to the native FullAWSAccess SCP, I have 2 SCPs at the root of my organization
* Block root user access https://asecure.cloud/a/scp_root_account/
* Deny region based on...
2
answers
0
votes
216
views
asked 3 months agolg...
Our AWS org has duplicate SCPs from Control Tower. They are the exact same policy document. But applied to different OUs. I have a couple of questions.
1) Where do the duplicates come from? And will...
1
answers
0
votes
452
views
asked 4 months agolg...
I have a AWS organization with 2 member accounts, applied a SCP at the root OU allowing allow actions on all resources. However I’m having an issue accessing IAM from the root account of one of the...
2
answers
0
votes
440
views
asked 6 months agolg...
Hello team ,
How can we configure securityhub , cloudtrail , guardduty and config for the accounts I have provided via AFT ?
2
answers
0
votes
295
views
asked 6 months agolg...
I created an SCP (service control policy) in my AWS organization restricting resource write-access to four regions (us-east-1, eu-west-1, eu-central-1, eu-central-2) but with an exception for a...
7
answers
0
votes
248
views
asked 7 months agolg...
## Service Control Policies uninformative error messages
Hello, I am testing out implementing company-wide SCPs to enforce resources being created with the correct tags. When in effect, I noticed that...
1
answers
0
votes
416
views
asked 7 months agolg...
Hi,
I'm trying to create a SCP to prevent users from modifying specific resources based on a specific tag.
This is the policy I've applied, but I can still modify name, tags and other on the different...
1
answers
0
votes
915
views
asked 8 months agolg...
Where can I find all possible Resource Actions and Conditions for all Resource Types. For example for Glue what are the SCP Actions and Conditions available to implement recommended controls.
1
answers
0
votes
517
views
asked 8 months agolg...
I decommissioned the landing zone a while back and I am trying to create a new one. I followed the manual cleanup steps as outlined...
2
answers
0
votes
339
views
asked 8 months agolg...