GitHub - timurgaleev/terraform-aws-organization-scp: AWS Organizations Service Control Policies (SCP) by Accounts

AWS Organizations Service Control Policies (SCP) by Accounts

Policy options are:

Deny All Acces (DenyAllAccess)
Deny leaving AWS Organizations (DenyLeavingOrgs)
Deny deleting KMS Keys (DenyDeletingKMSKeys)
Deny manipulation of CloudTrail (DenyCloudTrailActions)
Deny creating IAM users or access keys (DenyCreatingIAMUsers)
Protect IAM Roles (ProtectIAMRoles)
Deny deleting Route53 Hosted Zones (DenyDeletingRoute53Zones)
Deny deleting Cloudwatch logs (DenyDeletingCloudwatchLogs)
Deny root account (DenyRootAccount)
Restrict EC2 Instance Types (LimitEC2InstanceTypes)
Restrict Regional Operations (LimitRegions)
Deny S3 Buckets Public Access (DenyS3BucketsPublicAccess)
Require S3 encryption (DenyIncorrectEncryptionHeader + DenyUnEncryptedObjectUploads)
Protect S3 Buckets (ProtectS3Buckets)
Require MFA S3 Delete (RequireMFAS3Delete)
Deny Unsecure SSL Requests to S3 (DenyNoTLSRequests)
Require MFA to perform an API Action (RequireMFAS3Delete)

Name	Version
terraform	>= 1.4.6
aws	>= 5.4.0

Name	Version
aws	>= 5.4.0

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
modules		modules
.gitignore		.gitignore
README.md		README.md
locals.tf		locals.tf
main.tf		main.tf
organization_accounts.tf		organization_accounts.tf
outputs.tf		outputs.tf
scp.tf		scp.tf
variables.tf		variables.tf
versions.tf		versions.tf