Awesome AWS service control policies (SCPs) and organizational policies in general (service control, AI opt-out, backup, tagging)
Inspired by many other awesome lists!
- ScaleSec/terraform_aws_scp
- trussworks/terraform-aws-ou-scp
- cloudposse/terraform-aws-service-control-policies
- Appsilon/terraform-aws-ou-scp
- timurgaleev/terraform-aws-organization-scp
- welldone-cloud/aws-scps-for-sandbox-and-training-accounts
- https://github.com/latacora/latacora-service-control-policies/tree/master/policy-groups
- aws_iam_policy_document - Useful Terraform data source to build a policy and minify it using the minified_json attribute
- phzietsman/terraform-aws-policy-packer - reduce size of IAM policy
- https://towardsthecloud.com/aws-scp-service-control-policies
- https://www.stormit.cloud/blog/aws-scp-service-control-policy
- https://medium.com/gft-engineering/more-about-aws-service-control-policies-scp-1588ff9bc814
- Jun 17 2022 - More about AWS Service Control Policies (SCP)
- Mar 25, 2020 - AWS SCP Best Practices
- SCPs don't affect users or roles in the management account. They affect only the member accounts in your organization.
- A maximum of 5 policies can be attached to a root, OU, or account
- SCPs have a maximum size of 5120 characters
- List of expensive actions
- ACM SCPs
- AWS Service Control Policy Examples
- https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
- https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html#min-max-values
- Terraform and OpenTofu registry search