Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/welldone-cloud/aws-scps-for-sandbox-and-training-accounts
https://github.com/welldone-cloud/aws-scps-for-sandbox-and-training-accounts
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/welldone-cloud/aws-scps-for-sandbox-and-training-accounts
- Owner: welldone-cloud
- License: mit
- Created: 2024-01-15T20:46:11.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-05-10T20:15:49.000Z (6 months ago)
- Last Synced: 2024-05-22T03:07:33.835Z (6 months ago)
- Language: Python
- Size: 9.77 KB
- Stars: 132
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-github-repos - welldone-cloud/aws-scps-for-sandbox-and-training-accounts - (Python)
README
# aws-scps-for-sandbox-and-training-accounts
Collection of example Service Control Policies (SCPs) that are useful for sandbox and training AWS accounts. The SCPs deny API calls that
* change baseline account settings (contacts, billing, tax settings, etc.),
* have long-term financial effects (purchases and reservations) or
* operate outside allow-listed AWS regions or services.
## Notes
* The provided SCPs can only be a starting point and you will need to adapt them for your specific use case.
* Consider using [aws-nuke](https://github.com/rebuy-de/aws-nuke) to bring AWS accounts back into a clean and known-good state.
* Have a look at the following resources for additional SCPs you might want to implement:
* https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html
* https://www.wiz.io/blog/using-service-control-policies-to-protect-security-baselines
* https://www.wiz.io/blog/how-to-set-secure-defaults-on-aws