awesome-service-control-policies
Listing of resources for example AWS Service Control Policies (SCPs), best practices, and pro-tips when working with SCPs
why?
Service Control Policies are arguably the most effective preventative guardrail for AWS Organizations and the member accounts within. Many individuals have shared their policies and learnings with all of us; let's try to make them a little easier to find.
AWS SCP Examples
https://github.com/aws-samples/service-control-policy-examples
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html
AWS SCP Samples
https://aws-samples.github.io/aws-iam-permissions-guardrails/guardrails/scp-guardrails.html
AWS Blog with a few additional examples:
AWS Blog on SCP framework
AWS Data perimeter SCP Examples
https://github.com/aws-samples/data-perimeter-policy-examples/tree/main/service_control_policies
AWS re:Inforce 2022 talk by Tatyana and Rajeev
asecure.cloud example SCPs
Arkadiy's Chime SCPs
https://gist.github.com/arkadiyt/ce963fc21dd953be3c66b9be9ac6e5fe
Chris Farris' SCPs
https://github.com/jchrisfarris/aws-service-control-policies/
CloudSecDoc's SCPs
https://cloudsecdocs.com/aws/services/iam/organizations/#sample-scps
ScaleSec SCPs
https://github.com/ScaleSec/terraform_aws_scp
CloudPosse SCPs
https://github.com/cloudposse/terraform-aws-service-control-policies/tree/master/catalog
Summit Route's SCP Best Practices
https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/
Wiz Blog on SCPs by Scott Piper:
https://www.wiz.io/blog/using-service-control-policies-to-protect-security-baselines
Rami's SCP minification pro-tip