Glossary

Service Control Policy (SCP)

An SCP is a master rulebook for your AWS organization - it sets boundaries that nobody can cross, even administrators.

What is Service Control Policy (SCP)?

AWS Organizations policy that sets permission guardrails for accounts, limiting what actions can be performed.

Why Should You Care?

SCPs provide centralized control over all accounts in an organization, preventing risky configurations at scale.

Is your business exposed?

Real-World Example

An SCP prevents all accounts from disabling CloudTrail or creating resources in unapproved regions.

How to Protect Against Service Control Policy (SCP)

  1. 1.

    Implement SCPs for security baseline controls

  2. 2.

    Prevent disabling of security services via SCP

Related Terms

Aws Organizations, Guardrails, Governance

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices