Overview

This SCP prevents users or roles in any affected account from creating Resource Access Shares using RAM that are shared with external principals outside the organization

See Related Configuration Items for a Configuration Package to deploy multiple SCPs to an AWS Account.

Configuration template includes a CloudFormation custom resource to deploy into an AWS account.

Configuration Templates

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "*"
            ],
            "Resource": "*",
            "Effect": "Deny",
            "Condition": {
                "Bool": {
                    "ram:AllowsExternalPrincipals": "true"
                }
            }
        }
    ]
}

Actions



Customize Template

No policy variables to customize
* Required field

Sources and Documentation

Configuration Source: Native Feature

Additional Documentation:

© 2020 asecurecloud Inc. All Rights Reserved.