AWS Certified Solutions Architect - Professional 2020

AWS Orgs Service Control Policies and Permission Boundaries

What is the purpose of using Service Control Policies and Permission Boundaries? Why not just set up maximum and effective permissions without using the SCP and boundaries?

1 Answer

In theory – you could set up permissions for individual identities or services, but SCP is about management delegation to individual organizations. In the case of having multiple organizations, you (can) delegate the identity and role management to individual organization (or organization unit) administrators. In this case you may want to impose some organization-wide rules on your "child" organization accounts, e.g. prevent disabling logging, prevent updating roles.

Jordan Marcio

OK, so it is like a global restriction or allowance that is applied to administrators of those organizations that are underneath?
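An added example, not part of the original thread: a simplified Python model of how an SCP, a permission boundary and an identity policy combine for a request inside a member account. The policies are constructed samples, and the model checks only `Action` (resources, conditions, resource-based and session policies are left out).

```python
from fnmatch import fnmatchcase

def _matches(action, patterns):
    # IAM action names are case-insensitive and may contain "*" wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _verdict(policy, action):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy."""
    result = None
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if _matches(action, actions):
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit deny always wins
            result = "Allow"
    return result

def is_allowed(action, scp, boundary, identity_policy):
    """Every layer must allow the action; a deny in any layer blocks it."""
    verdicts = [_verdict(p, action) for p in (scp, boundary, identity_policy)]
    return all(v == "Allow" for v in verdicts)

# Constructed SCP set by the organization: guardrails for the whole account.
SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*"},
    {"Effect": "Deny", "Action": ["cloudtrail:StopLogging",
                                  "cloudtrail:DeleteTrail",
                                  "iam:UpdateRole",
                                  "iam:UpdateAssumeRolePolicy"]},
]}
# Constructed permission boundary attached to one delegated admin role.
BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "cloudtrail:*", "iam:*"]},
]}
# Constructed identity policy: the account admin grants themselves everything.
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
NO_GRANTS = {"Statement": []}

if __name__ == "__main__":
    for a in ("s3:GetObject", "cloudtrail:StopLogging",
              "iam:UpdateRole", "ec2:RunInstances"):
        print(f"{a:28} admin allowed: {is_allowed(a, SCP, BOUNDARY, ADMIN)}")
    # An SCP "Allow" grants nothing by itself: no identity policy, no access.
    print("no grants:", is_allowed("s3:GetObject", SCP, BOUNDARY, NO_GRANTS))
```
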
