Creating an Organizational Unit (OU) and Service Control Policies (SCPs) with CloudFormation
ACM.170 Recreating our OUs and SCPs with CloudFormation
Part of my series on Automating Cybersecurity Metrics. AWS Organizations. Cloud Governance. The Code.
Free Content on Jobs in Cybersecurity | Sign up for the Email List
In the last post we considered which service control policies we want to add to our root OU.
Now I could jump in and create roles to allow people to do things, but there are also things I want to prevent before I start granting people access.
Consider the IAM architecture I wrote about here:
That shifted a bit as we considered how we would integrate with Okta, but the general premise…