houey/awesome-service-control-policies

Listing of resources for example AWS Service Control Policies (SCPs)

awesome-service-control-policies

Listing of resources for example AWS Service Control Policies (SCPs), best practices, and pro-tips when working with SCPs

why?

Service Controls Policies are arguably the most effective preventative guardrail for AWS Organizations and the member accounts within. Many individuals have shared their policies and learnings with all of us, lets try to make them a little easier to find.

AWS SCP Examples

https://github.com/aws-samples/service-control-policy-examples

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html

AWS SCP Samples

https://aws-samples.github.io/aws-iam-permissions-guardrails/guardrails/scp-guardrails.html

AWS Blog with a few additional examples:

https://aws.amazon.com/blogs/security/establishing-a-data-perimeter-on-aws-allow-only-trusted-resources-from-my-organization/

AWS Blog on SCP framework

https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment/

AWS Data perimeter SCP Examples

https://github.com/aws-samples/data-perimeter-policy-examples/tree/main/service_control_policies

AWS re:inforce 2022 talk by Tatyana and Rajeev

https://youtu.be/SMi5OBjp1fI

asecure.cloud example SCPs

https://asecure.cloud/l/scp/

Arkadiy's Chime SCPs

https://gist.github.com/arkadiyt/ce963fc21dd953be3c66b9be9ac6e5fe

Chris Farris' SCPs

https://github.com/jchrisfarris/aws-service-control-policies/

CloudSecDoc's SCPs

https://cloudsecdocs.com/aws/services/iam/organizations/#sample-scps

ScaleSec SCPs

https://github.com/ScaleSec/terraform_aws_scp

CloudPosse SCPs

https://github.com/cloudposse/terraform-aws-service-control-policies/tree/master/catalog

Summit Route's SCP Best Practices

https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/

Wiz Blog on SCPs by Scott Piper:

https://www.wiz.io/blog/using-service-control-policies-to-protect-security-baselines

Rami's SCP minification pro-tip

https://ramimac.me/terraform-minimized-scps