112. What is a Service Control Policy (SCP)?
AWS Bites2 Helmi 2024

112. What is a Service Control Policy (SCP)?

In this episode, we provide a friendly introduction to Service Control Policies (SCPs) in AWS Organizations. We explain what SCPs are, how they work, common use cases, and tips for troubleshooting access-denied errors related to SCPs. We cover how SCPs differ from identity-based and resource-based policies, and how SCPs can be used to set boundaries on maximum permissions in AWS accounts across an organization.


💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Partner with plenty of experience setting up AWS accounts and Service Control Policies. If that's something you'd like some help with, reach out to us on social media or check out ⁠https://fourTheorem.com⁠ In this episode, we mentioned the following resources:


Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

Jaksot(157)

121. 5 Ways to extend CloudFormation

121. 5 Ways to extend CloudFormation

In this episode, we discuss 5 different ways to extend CloudFormation capabilities beyond what it natively supports. We started with a quick recap of what CloudFormation is and why we might need to ex...

18 Huhti 202430min

120. Lambda Best Practices

120. Lambda Best Practices

In this episode, we discuss best practices for working with AWS Lambda. We cover how Lambda functions work under the hood, including cold starts and warm starts. We then explore different invocation t...

4 Huhti 202426min

119. The state of AWS 2024 (AnsWeRS community survey commentary)

119. The state of AWS 2024 (AnsWeRS community survey commentary)

In this episode, we provide commentary and analysis on the 2024 AWS Community Survey results. We go through the key findings for each area including infrastructure as code, CI/CD, serverless, containe...

22 Maalis 202439min

118. The landing zone: Managing multiple AWS accounts

118. The landing zone: Managing multiple AWS accounts

In this episode, we provide an introductory overview of AWS's best practices for managing infrastructure using multiple accounts under an organization. We discuss the advantages of this approach and h...

15 Maalis 202425min

117. What do EBS and a jellyfish have in common?

117. What do EBS and a jellyfish have in common?

In this episode, we provide an overview of Amazon EBS, which stands for Elastic Block Storage. We explain what block storage is and how EBS provides highly available and high-performance storage volum...

8 Maalis 202421min

116. What is RAM (Resource Access Manager)?

116. What is RAM (Resource Access Manager)?

In this episode, we discuss AWS Resource Access Manager (RAM) and how it can be used to securely share AWS resources like VPC subnets, databases, and SSM parameters across accounts. We explain the ben...

1 Maalis 202413min

115. What can you do with Permissions Boundaries?

115. What can you do with Permissions Boundaries?

In this episode, we discuss Permission Boundary policies in AWS IAM. A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to a...

23 Helmi 202413min

114. What's up with LLRT, AWS' new Lambda Runtime?

114. What's up with LLRT, AWS' new Lambda Runtime?

In this episode, we discuss the new experimental AWS Lambda LLRT Low Latency runtime for JavaScript. We provide an overview of what a Lambda runtime is and how LLRT aims to optimize cold starts and pe...

16 Helmi 202430min