Setting up SCPs (Service Control Policies) for DuploCloud

Use SCPs with DuploCloud to add guardrails to AWS organizational units

If you use AWS organizations, you likely use SCPs as guardrails to restrict specific user actions for each organization. You typically set up policy statements in an SCP to add security to restrict specific user actions.

Create a separate organizational unit for your DuploCloud accounts and use the Full Access SCP with no restrictions as a base JSON template, as shown below, and then add policy statements such as the ones described in the AWS Documentation for general SCP examples and those linked in the following list:

Prevent Root access
Prevent users from disabling an AWS configuration or changing configuration rules
Prevent users from disabling CloudWatch or changing its configuration

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": [
          "*:*"
        ],
        "Resource": "*"
    }
}

PreviousInventory NextVideo Transcripts

Last updated 1 year ago

Was this helpful?