Questions tagged with Service Control Policy

kind: Service metadata: name: test-nlb namespace: default annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp ...
2 answers, 0 votes, 145 views, asked 19 days ago
Hi AWS, I have created an SCP to explicitly deny use of AWS services other than 4 approved AWS regions, i.e. `us-east-1`, `us-east-2`, `us-west-1` and `us-west-2`. Here is the SCP code: ``` { ...
1 answer, 0 votes, 122 views, asked 20 days ago
Hi AWS, we have recently deployed AWS Config Conformance packs to detect non-compliant resources and remediation was done manually. It has improved the performance score to a certain extent but now the...
2 answers, 0 votes, 118 views, asked 24 days ago
Hi in the [documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_evaluation.html#strategy_using_scps) there is an example regarding SCP evaluation *...
3 answers, 0 votes, 135 views, asked 2 months ago
Hi Team, here is the situation - I have scp on my account which would block "ec2:runInstance" if ebs is not encrypted. Now I am using CFT where I specifically used encryption key to encrypt the...
1 answer, 0 votes, 240 views, asked 2 months ago
Hi all, I'm working on an automation process that creates a **WAFv2 WebACL** whenever a **CloudFront distribution** is created, using **EventBridge** and **Step Functions**. The automation should...
2 answers, 1 vote, 605 views, asked 3 months ago
I am trying to understand SCP Deny policy with NotAction and 2 negative conditions. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", ...
1 answer, 0 votes, 195 views, GB asked 4 months ago
Hi Team, trying to get this work but seems like we can not fetch parameter ( stored in SSM parameter store) from within a SCP policy. I was trying this below policy but seems like this is not...
2 answers, 0 votes, 423 views, asked 4 months ago
Hi AWS, I need to create aws SCP that denies creation of EC2 that does not have tags, and allows EC2 creation with specific tag keys pre-defined. We are doing it as part of the FinOps management as we...
1 answer, 0 votes, 273 views, asked 4 months ago
There is a SCP to Deny access to Block Public Access settings in S3. The policy was later updated to Allow a specific lambda function to perform this action. The updated policy is given below. The...
3 answers, 0 votes, 665 views, asked 4 months ago
We use Control Tower, Organizations, and IAM Identity Center for all of our accounts. In the management account, we have one prod OU that has a service control policy pre-attached by CT (the name...
1 answer, 0 votes, 241 views, andre asked 4 months ago
Hi AWS, we have some set of JSON files having SCPs code stored in a version control tool which we need deployed within AWS Control Tower to about multiple OUs. How to do that?
1 answer, 0 votes, 186 views, asked 5 months ago