AWS Service Control Policies

ACM.136b Governance: Setting security controls at the organizational level

Teri Radichel
Cloud Security

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As a reminder, I’ve recently been considering how to protect domain names migrated to a single AWS account in an organization that is dedicated to that purpose. I’ve considered the pros and cons of using various IAM functions and how someone might escalate privileges to get to the resources in that account.

In the last post, I reiterated the DRY Principle (Don’t Repeat Yourself). I’ve written about it a few times but decided to summarize it in a single post:

That concept is applicable to one more AWS construct we can use in our IAM architecture to help protect our resources and provide governance across our organization. We could disallow access to Route 53 domain management functions in each…

Teri Radichel
Cloud Security

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award