IAM M7 P2
organization
OU
For example, you could give your advanced R&D team access to a wide range of AWS services, and then be a bit more cautious with your mainstream development and test accounts.
Or, on the production side, you could allow access only to AWS services that are eligible for HIPAA compliance.
diagram
OU pt
An SCP defines the full set of allowable actions within the account; it grants nothing by itself. To let IAM users in the account actually use those actions, suitable IAM policies must still be created and attached to the users (all within the member account), so a user's effective permissions are the intersection of the SCP and their IAM policies.
policy
- Create SCP policy and attach to OU
  Ex 1: OU1 can use Lambda. Ex 2: OU2 can use EC2 and S3.
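To make the two examples above concrete, here is an added illustration (not part of the original notes) of the SCP/IAM interaction: two SCPs written in real SCP JSON syntax, one per OU, plus a constructed IAM policy for a developer in a member account, and a deliberately simplified evaluator that only looks at the Action element (it ignores Resource, Condition, the management-account exemption and the default FullAWSAccess SCP, all of which are assumptions of this model). It shows that an action succeeds only when both the OU's SCP and the user's IAM policy allow it, and that an SCP alone grants nothing.

```python
"""Simplified model of how an SCP attached to an OU combines with the IAM
policies attached to users inside a member account.

Assumptions (not from the original notes): only the Action element is
evaluated; Resource, Condition, the management-account exemption and the
default FullAWSAccess SCP are ignored.
"""
import fnmatch
import json

# Constructed sample SCP for OU1: only Lambda is allowed.
SCP_OU1 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["lambda:*"], "Resource": "*"}
  ]
}""")

# Constructed sample SCP for OU2: only EC2 and S3 are allowed.
SCP_OU2 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}
  ]
}""")

# Constructed IAM policy a developer might attach to a user in a member account.
IAM_DEV_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["lambda:InvokeFunction", "ec2:RunInstances"],
     "Resource": "*"}
  ]
}""")


def _actions(statement):
    """Normalise the Action element to a list of lower-case patterns."""
    acts = statement.get("Action", [])
    if isinstance(acts, str):
        acts = [acts]
    return [a.lower() for a in acts]


def policy_allows(policy, action):
    """True if the policy document allows `action`: an explicit Deny wins,
    any matching Allow grants it, and everything else is implicitly denied."""
    action = action.lower()
    allowed = False
    for stmt in policy.get("Statement", []):
        if any(fnmatch.fnmatchcase(action, pat) for pat in _actions(stmt)):
            if stmt.get("Effect") == "Deny":
                return False
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


def effective_allow(scp, iam_policy, action):
    """An action succeeds only if BOTH the OU's SCP and the user's IAM
    policy allow it: the SCP is a guardrail, the IAM policy is the grant."""
    return policy_allows(scp, action) and policy_allows(iam_policy, action)


def evaluate(scp, iam_policy, actions):
    """Map each action name to its effective allow/deny result."""
    return {a: effective_allow(scp, iam_policy, a) for a in actions}


if __name__ == "__main__":
    checks = ["lambda:InvokeFunction", "ec2:RunInstances", "s3:GetObject"]
    print("OU1 user:", evaluate(SCP_OU1, IAM_DEV_POLICY, checks))
    print("OU2 user:", evaluate(SCP_OU2, IAM_DEV_POLICY, checks))
    # The SCP alone grants nothing: a user with no IAM policy can do nothing.
    print("OU1, no IAM policy:", evaluate(SCP_OU1, {"Statement": []}, checks))
```

Running it shows the developer in OU1 can invoke Lambda but not run EC2 instances (the SCP blocks it even though the IAM policy allows it), the same IAM policy in OU2 yields the opposite, and s3:GetObject stays denied in OU2 because no IAM policy grants it, even though the SCP would permit it.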