AWS Service Control Policies (SCPs) must be turned on within AWS in order for them to take effect. If you add any SCPs to cloudtamer.io but they are turned off in the AWS console, we will send a notification every 48 hours as a reminder that SCPs are not enabled for the organization.
To add an AWS SCP:
- Select Cloud Management > AWS Service Control Policies.
- In the AWS Service Control Policy Name field, enter a name to identify the SCP throughout the application. This field must be unique among SCPs.
- Enter an optional Description.
- In the AWS Service Control Policy field, enter or paste a valid AWS Service Control Policy.
- Toggle Format to ON to align the braces. You can also click View Supported Parameters to view the supported parameters and Hide Supported Parameters to hide them.
- In the AWS SCP Owners drop-down menus, select which users and user groups will be the SCP's owners. Owners are given all relevant permissions associated with the owner role (you can read about this in our Ownership of Objects article). You must choose at least one user or group.
- Click Create Service Control Policy. Once the SCP is saved, it will be validated with AWS.
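
The following pre-flight check is an added example, not cloudtamer.io code. It tests the prerequisite from the top of this article (SCPs enabled in AWS) against the output shape of the AWS Organizations `ListRoots` call, and runs a few basic checks on the policy text before you paste it. The function names and sample data are assumptions made for the example, and the checks are only a subset of the validation AWS performs.

```python
import json

SCP_TYPE = "SERVICE_CONTROL_POLICY"
MAX_SCP_CHARS = 5120  # AWS Organizations quota for one SCP document

def scp_enabled(list_roots_response):
    """True if every root lists SERVICE_CONTROL_POLICY with Status ENABLED.

    AWS only lists a policy type under PolicyTypes once it has been enabled,
    so a missing entry (or a PENDING_* status) counts as not enabled.
    """
    roots = list_roots_response.get("Roots", [])
    return bool(roots) and all(
        any(p.get("Type") == SCP_TYPE and p.get("Status") == "ENABLED"
            for p in root.get("PolicyTypes", []))
        for root in roots
    )

def preflight(policy_text, list_roots_response):
    """Return a list of problems found before pasting the SCP; empty means none."""
    problems = []
    if not scp_enabled(list_roots_response):
        problems.append("SCPs are not enabled for the organization root")
    if len(policy_text) > MAX_SCP_CHARS:  # measured as pasted, whitespace included
        problems.append(f"policy is {len(policy_text)} characters; limit is {MAX_SCP_CHARS}")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return problems + [f"policy is not valid JSON: {exc.msg}"]
    statements = policy.get("Statement") if isinstance(policy, dict) else None
    if isinstance(statements, dict):  # a single statement may appear without a list
        statements = [statements]
    if not isinstance(statements, list):
        return problems + ["policy has no Statement element"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
    return problems

# Constructed sample data (not from a real organization).
ROOTS_TAG_ONLY = {"Roots": [{"Id": "r-example", "PolicyTypes": [
    {"Type": "TAG_POLICY", "Status": "ENABLED"}]}]}
ROOTS_SCP_ON = {"Roots": [{"Id": "r-example", "PolicyTypes": [
    {"Type": SCP_TYPE, "Status": "ENABLED"}]}]}
DENY_LEAVE_ORG = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"}]})

if __name__ == "__main__":
    print(preflight(DENY_LEAVE_ORG, ROOTS_TAG_ONLY))  # SCPs off: one problem
    print(preflight(DENY_LEAVE_ORG, ROOTS_SCP_ON))    # SCPs on: no problems
```

To run it against a real organization, pass the parsed JSON from `aws organizations list-roots` as the second argument.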