Creating an Organizational Unit (OU) and Service Control Policies (SCPs) with CloudFormation

ACM.170 Recreating our OUs and SCPs with CloudFormation

Teri Radichel
Published in Cloud Security
7 min read · Mar 1, 2023


Part of my series on Automating Cybersecurity Metrics. AWS Organizations. Cloud Governance. The Code.


In the last post we considered which service control policies we want to add to our root OU.

Now I could jump in and create roles to allow people to do things, but there are also things I want to prevent before I start granting people access.

Consider the IAM architecture I wrote about here:

That shifted a bit as we considered how we would integrate with Okta, but the general premise…
