Skip to content

Cloud Governance

Writing an SCP in AWS: An Introduction

Preventive guardrails are a key component of cloud governance. (Cloud governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency.) In AWS, preventive guardrails are SCPs (Service Control Policies). Eventually you may need a preventive guardrail in AWS that is not already available. In this case, writing an SCP is an option. Beware, SCPs do have logical limitations on what you can… Read More »Writing an SCP in AWS: An Introduction

AWS Control Tower

AWS Control Tower: A Tool for Cloud Governance

What is AWS Control Tower? AWS Control Tower is a service that provides for cloud governance for a multi-account AWS environment. (Cloud Governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency.) It does this by orchestrating several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS IAM Identity Center (successor to AWS Single Sign-On). Control Tower accomplishes this primarily… Read More »AWS Control Tower: A Tool for Cloud Governance

Linitations of Preventative Guardrails

Limitations of Preventive Guardrails in AWS

Cloud Governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency. One tool for securing AWS is preventative guardrails. Preventive guardrails in AWS are accomplished using AWS Service Control Policies (SCPs). There are limitations of preventive guardrails that limit you from implementing certain rules. We will explore some of those here and describe why they cannot be accomplished. Types of Rules that… Read More »Limitations of Preventive Guardrails in AWS

//