3 個答案
- 最新
- 最多得票
- 最多評論
0
Hello,
Currently you can only use resources and conditions in your SCPs with Deny statements. Your policy is an Allow policy, which does not support those policy elements. See the docs here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
You should be able to invert the statements in the policy to create the same effect. For example, you can use NotAction instead of Action and use StringNotEquals instead of StringEquals in your policy condition.
Thanks,
Mike
已回答 5 年前
0
Hi,
MikeS-aws gave the correct answer below.. so removing my comment :-)
Edited by: RandyTakeshita on Sep 20, 2019 11:03 AM
已回答 5 年前