What happens when you attach a service control policy, let's say that only allows you to launch an EC2 instance of type t2.micro (Action: ec2:RunInstances) but the account it is being attached to already has a t2.large instance running there? Does it prevent the attachment of the SCP or only affects launch of new instances?
Attach AWS SCP to account that affects existing resources in that account
227 Views Asked by Console.WriteLine At
1
There are 1 best solutions below
Related Questions in AMAZON-WEB-SERVICES
- S3 integration testing
- How to get content of BLOCK types LAYOUT_TITLE, LAYOUT_SECTION_HEADER and LAYOUT_xx in Textract
- Error **net::ERR_CONNECTION_RESET** error while uploading files to AWS S3 using multipart upload and Pre-Signed URL
- Failed to connect to your instance after deploying mern app on aws ec2 instance when i try to access frontend
- AWS - Tab Schema Conversion don't show up after creating a Migration Project
- Unable to run Bash Script using AWS Custom Lambda Runtime
- Using Amazon managed Prometheus to get EC2 metrics data in Grafana
- AWS Dns record A not navigate to elb
- Connection timed out error with smtp.gmail.com
- AWS Cognito Multi-tenant Integration | Ok to use Client’s Idp?
- Elasticbeanstalk FastAPI application is intermittently not responding to https requests
- Call an External API from AWS Lambda
- Why my mail service api spring isnt working?
- export 'AWSIoTProvider' (imported as 'AWSIoTProvider') was not found in '@aws-amplify/pubsub'
- How to take first x seconds of Audio from a wav file read from AWS S3 as binary stream using Python?
Related Questions in AWS-ORGANIZATIONS
- AWS Organization - Why do I get "You have exceeded the allowed number of AWS accounts." error even though I've only added 2 accounts?
- AWS Backup not creating backups with AWS Organizations
- AWS Backup Account Terraform Policy Creation Issue: AccessDeniedException
- AWS Organisation 'Service Access Policy' Deny ability to delete S3 bucket EXCEPT for user identified in 'Condition' using aws:username
- Terraform Cloud + OIDC AWS + assume role
- AWS Cli calls in bash script variable assignment when sending parent-id/child-id
- AWS - Single occount (root user) with multiple Organizations
- Create buckets in different accounts in organization
- AWS Organization/IAM centralize roles and policies
- Which account does your CodeCommit reside in a multi-account setup?
- SCP - Deny all regions for all services except S3 and global services
- Can't access S3 bucket as root
- How can I add AWS QuickSight access to the SCPs controlled by Control Tower?
- Consolidating All AWS Member Account Health Notifications and sending it to SNS endpoint using Lambda Function
- Delete config conformance pack from one of the account under organization
Related Questions in AWS-SCP
- AWS Organisation 'Service Access Policy' Deny ability to delete S3 bucket EXCEPT for user identified in 'Condition' using aws:username
- AWS MalformedPolicyDocumentException while deploying SCP with Terraform
- SCP - Deny all regions for all services except S3 and global services
- need to create using SCP allowing users to create any resource only if they create tags in the process
- AWS IAM policy based on PermissionSet mapping
- How to Enforce tagging in aws using aws organizations Service Control Policies(SCP)
- AWS SCP for mandating S3 bucket encryption
- Attach AWS SCP to account that affects existing resources in that account
- Is there an AWS SCP to deny Transfer of elastic IP's from one account to another?
- Why aren't some of these SCP Policies working?
- Prevent CodeBuild projects without VPC
- How to allow only specific OpenID Connect provider in AWS with AWS SCP?
- AWS SCP with "NotAction" Deny is just... Denying..?
- Do SCP Policies affect S3 Lifecycles?
- AWS unencrypted SNS Topic SCP policy
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
It only prevents launching of new instances. Nothing in any doc would suggest that the SCP would not be able to be applied or that non compliant resources might be removed. Think about it: your SCP might allow operation only by some user or from some VPC or during some time of day. None of those could even be retroactively checked for past compliance.