Service Control Policies

5/5
FILTERS
 
CloudTrail
Prevent Users from Disabling AWS CloudTrail
Service Control Policy
This SCP prevents users or roles in any affected account from disabling a CloudTrail log, either directly as a command or through the console.
Config
Prevent Users from Disabling AWS Config or Changing Its Rules
Service Control Policy
This SCP prevents users or roles in any affected account from running AWS Config operations that could disable AWS Config or alter its rules or triggers.
CloudWatch
Prevent Users from Disabling Amazon CloudWatch or Altering Its Configuration
Service Control Policy
This SCP prevents users or roles in any affected account from running any of the CloudWatch commands that could delete or change your dashboards or alarms.
VPC
Prevent Users from Deleting Amazon VPC Flow Logs
Service Control Policy
This SCP prevents users or roles in any affected account from deleting Amazon EC2 flow logs or CloudWatch log groups or log streams.
Flow Logs
Prevent Any VPC That Doesn't Already Have Internet Access from Getting It
Service Control Policy
This SCP prevents users or roles in any affected account from changing the configuration of your Amazon EC2 virtual private clouds (VPCs) to grant them direct access to the internet. It doesn't block existing direct access or any access that routes through your on-premises network environment.