AWS Management & Governance Blog

Category: AWS Single Sign-On (SSO)

ReadOnly SCP Post Featured Image

How to implement a read-only service control policy (SCP) for accounts in AWS Organizations

Customers who manage multiple AWS accounts in AWS Organizations can use service control policies (SCPs) to centrally manage permissions in their environment. SCPs can be applied to an organization unit (OU), account, or entire organization to restrict the maximum permissions that can be applied in the scoped AWS accounts. In this post, we are going to explore the use of SCPs to restrict an AWS account to read-only access.

Read More
Active Directory AWS Control Tower diagram

Extend a self-managed Active Directory to AWS Control Tower

One common use case for customers during the early cloud journey is to use existing identity service such as Microsoft Active Directory. In this blog post, I show you how to setup AWS Control Tower to delegate user authentication to a self-managed Microsoft Active Directory via AWS Managed Microsoft AD. This blog post shows a […]

Read More

How to Detect and Mitigate Guardrail Violation with AWS Control Tower

Many companies that I work with would like to innovate fast in the cloud by adopting a self-service infrastructure provisioning model in a multi-account environment. However, maintaining security and governance in such a model is an organizational challenge. Without structured guardrails and baseline configuration enforcement, troubleshooting and mitigating risk can be cumbersome. AWS Control Tower […]

Read More