Posted On: Oct 9, 2023
Starting today, you can use service control policies (SCPs) to set permission guardrails with the fine-grained controls used in AWS Identity and Access Management (IAM) policies in the AWS China (Beijing) Region, operated by Sinnet and the AWS China (Ningxia) Region, operated by NWCD. This feature makes it easier to meet the specific requirements of your organization’s governance rules.
AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Central security administrators use SCPs with AWS Organizations to establish access controls that all IAM principals (users and roles) adhere to. Now, using SCPs, you can control what the principals in your organization can access across accounts in your organization or organizational unit. For example, you can use SCPs to restrict access to only resources in your organization (using aws:ResourceOrgID), or prevent deleting common resources, such as an IAM role used for your central administrators.
To get started with SCPs, visit the AWS Organizations console. You can use SCPs in any AWS regions that supports AWS Organizations, including the AWS China (Beijing) Region, operated by Sinnet and the AWS China (Ningxia) Region, operated by NWCD. To learn more about SCPs, visit the Service Control Policies documentation.