Skip to main content

Account Does Not Have Properly Configured Service Control Policies

Overview

Checks whether the following conditions are met:

An SCP for the account exists and denies certain regions
An SCP for the account exists and denies more than 3 services

Vendor

AWS

Cloud Service

Account

CSMM v1 CA-04.2

References

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html, https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region

Severity

2

Item Types

Custom::AWS::Account

Overview
Vendor
Cloud Service
Related Controls
References
Severity
Item Types