Resources
AWS documentation
-
Automated Security Response on AWS (AWS Solution)
AWS blog posts
-
Identity Guide – Preventive controls with AWS Identity – SCPs
-
How to implement a read-only service control policy (SCP) for accounts in AWS Organizations
-
Best Practices for AWS Organizations Service Control Policies in a Multi-Account Environment
-
Maintain compliance using Service Control Policies and ensure they are always applied
-
Proactively keep resources secure and compliant with AWS CloudFormation hooks
Other resources
-
Cloud Controls Matrix (CCM)
(Cloud Security Alliance) -
Example permissions boundaries
(GitHub)