Skip to content

AWS Notes

Scp

AWS Notes

Table of Contents
Identity
Identity
- AWS Accounts
- Awssso
- Cognito
- Controltower
- AWS Identity And Access Management (IAM)
- Identityfederation
- Organizations
- Policyevaluation
- Ram
- Revisiontopics
- Scp Scp
  Table of contents
  - Service Control Policies
- Servicecatalogue
- Servicequotas
- Sts
- Toc
Compute
Compute
- Containers
  Containers
  - Basics
  - Ecr
  - Ecs
  - Eks
- Ec2
  Ec2
- Elasticbeanstalk
  Elasticbeanstalk
  - TOC
  - Basics
  - Deployment
  - Docker
- Lambda
  Lambda
  - Basics
  - Execution
  - Networking
  - Stepfunctions
  - TOC
Databases
Databases
- Athena
- Elasticcache
- Redshift
- Aurora
  Aurora
  - Index
- Dynamodb
  Dynamodb
  - TOC
  - Basics
  - Dax
  - Globaltables
  - Indexes
  - Operating
  - Streams
- Rds
  Rds
  - Index
  - Basics
  - Multiaz
  - Backups
  - Readreplicas
  - Rdssecurity
  - Aurorabasics
  - Auroraserverless
  - Rdsproxy
  - Dms
Networking
Networking
- Toc
- Apigateway
  Apigateway
  - Basics
- Hybrid
  Hybrid
- Scaling
  Scaling
  - Asg
  - Loadbalancer
- Vpc
  Vpc
Storage
Storage
- Efs
- Fsx
- Transferfamily
Security
Security
- Cloudhsm
- Guardduty
- Inspector
- Neworkfirewall
- Trustedadvisor
- Waf
- Key management service
  Key management service
  - KMS Basics
Monitoring
Monitoring
- Awsconfig
- Cloudtrail
- Vpcflowlogs
- X ray
- Cloudwatch
  Cloudwatch
  - Basics
  - Cwlogs
  - Toc
Devops
Devops
- Basics
- Cicd
Costmanagement
Costmanagement
- Basics
Bcpdr
Bcpdr
- Disasterrecovery
Eventdriven
Eventdriven
- Architecture
- Eventbridge
- Kinesis
- Sns
- Sqs
- TOC
Machinelearning
Machinelearning
- Rekognition
- Comprehend
- Devicefarm
- Forecast
- Frauddetector
- Glue
- Kendra
- Kinesisvideostreams
- Lexconnect
- Polly
- Sagemaker
- Textract
- Transcribe
- Translate
Tbd

Scp

Service Control Policies

Management account can not be controlled by SCP
SCPs define account permissions boundaries
SCPs define what an account including account root user can do
While account root user still has unrestricted access to an account, SCPs put boundaries on what an account can do & hence restrict account root user indirectly
Service control policies do not grant new permissions to identities. They only restrict permissions given to identities
Service control policies can function either as
Allow List - I.E Deny by default but allow specific access
Deny List - I.E. Allow by default but block specific access. This is the default for SCP.
As Deny List is default i.e. by default SCPs allow full access or in other words by default they have no effect