Certified Security - Specialty

Sign Up Free or Log In to participate!

Can Service Control Policy be attached to Root level?

Define a Service Control Policy which applies to the whole organization .. this SCP can be attached to Root Master Account?


Yes, by default, an SCP named FullAWSAccess is attached to every organization root, OU, and account

1 Answers

SCP can be applied at the root level of the OU hierarchy, but SCP will not apply to the master/management account.  "SCPs don’t affect users or roles in the management account. They affect only the member accounts in your organization." https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?