Creating a Service Control Policy To Limit SSH Key Algorithms
ACM.384 Using an SCP with Conditions on the KeyPairType to restrict allowed algorithms when taking actions involving EC2 Key Pairs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics | Code.
🔒 Related Stories: AWS | EC2 OS Security | AWS Security | Encryption
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the last post I showed how to use CloudFormation to create an EC2 key pair — with some serious caveats.
In this post I’m going to explain how to create a Service Control Policy that restricts creation and use of EC2 key pairs to an approved algorithm.
To understand what we need to restrict and what is actually possible, we first need to take a look at the EC2 actions and the condition keys they support.
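As an added illustration of the shape such a policy takes (this is not the author's policy and not the one developed later in this series), the following SCP denies creating or importing an EC2 key pair unless its type is the approved algorithm. It assumes the `ec2:KeyPairType` condition key named in the subtitle, that its values are `rsa` and `ed25519`, that the approved algorithm in your organization is `ed25519`, and that the key is available on `ec2:CreateKeyPair` and `ec2:ImportKeyPair`; the statement ID is an arbitrary name chosen for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonApprovedKeyPairAlgorithm",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateKeyPair",
        "ec2:ImportKeyPair"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "ec2:KeyPairType": "ed25519"
        }
      }
    }
  ]
}
```

Two things to check before relying on a policy like this. First, a negated operator such as `StringNotEquals` matches when the condition key is absent from the request, so the Deny must be scoped to actions that actually carry `ec2:KeyPairType`; listing `"Action": "ec2:*"` here would deny unrelated EC2 calls. Second, this only blocks new keys: any RSA key pairs that already exist can still be attached to instances, so covering use (for example `ec2:RunInstances`) means confirming from the EC2 condition-key documentation that the key applies to that action and adding a separate statement for it. SCPs also never restrict the management account or service-linked roles, so test from a member account.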