awesome-service-control-policies

Awesome AWS service control policies (SCPs) and organizational policies in general (service control, ai opt out, backup, tagging)

Inspired by many other awesome lists!

terraform modules

service control policies

• ScaleSec/terraform_aws_scp
• trussworks/terraform-aws-ou-scp
• cloudposse/terraform-aws-service-control-policies
• Appsilon/terraform-aws-ou-scp
• timurgaleev/terraform-aws-organization-scp
• welldone-cloud/aws-scps-for-sandbox-and-training-accounts
• https://github.com/latacora/latacora-service-control-policies/tree/master/policy-groups

IAM helpers

• aws_iam_policy_document - Useful terraform data source to build a policy and minify it using attribute minified_json
• phzietsman/terraform-aws-policy-packer - reduce size of IAM policy

policy stores

• primeharbor/aws-service-control-policies
• https://asecure.cloud/l/scp/

reference architecture

• aws-samples/aws-scps-with-terraform

blogs

• AWS security blog tag: service control policies
• Oct 9 2023 - What is AWS SCP (Service Control Policy) and How does it Help with Permissions?
• Jul 29 2023 - What are AWS Service Control Policies (SCPs)
• Jun 17 2022 - More about AWS Service Control Policies (SCP)
• Mar 25 2020 - AWS SCP Best Practices

notes

TODO: add sources

• SCPs do not affect users or roles in the management account. They affect only the member accounts in your organization.
• 5 policies maximum can be attached to root/ou/account
• SCPs have a maximum character limit of 512

related projects

• https://ramimac.github.io/wiki/scps/

references

• List of expensive actions
• ACM SCPs
• AWS Service Control Policy Examples
• Service control policies (SCPs)
• Quotas and service limits for AWS Organizations
• Terraform and OpenTofu registry search for scp