Resource control policies (RCPs) are a new authorization policy in AWS Organizations that allow you to centrally set the maximum available permissions on resources within your entire organization, helping establish a data perimeter and prevent unintended access at scale.

<div>
<p>This article introduces resource control policies (RCPs), a new type of authorization policy in AWS Organizations that can restrict external access to resources at scale.</p>
<p>Specifically, the article covers:</p>
<ul>
<li>What RCPs are and how they differ from service control policies (SCPs)</li>
<li>How to enable and create RCPs in the AWS Organizations console</li>
<li>An example of creating an RCP to restrict access to S3 buckets to only principals within the organization</li>
<li>How to attach and test RCPs</li>
<li>Using RCPs with AWS Control Tower for large-scale deployment and drift detection</li>
<li>The role of RCPs in establishing a data perimeter and comprehensive security baseline alongside SCPs</li>
</ul>
</div>


Related articles