Enforcing enterprise-wide preventive controls with AWS Organizations.

AWS Cloud Operations Blog

This article discusses how to enforce enterprise-wide preventive controls using AWS Organizations through three main policy types: Service Control Policies (SCPs), Resource Control Policies (RCPs), and Declarative Policies.

Service Control Policies (SCPs) restrict IAM principals' access to services and resources across organization accounts
Resource Control Policies (RCPs) control who can access resources across organization member accounts
Declarative Policies ensure consistent configuration of AWS services across the organization

Key best practices include:

Conducting readiness assessments before implementing policies
Understanding quota limits
Enforcing data perimeters
Starting small and scaling gradually
Automating policy validation and deployment

These policies help organizations manage security, compliance, and configuration across multiple AWS accounts effectively.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Dec 24
2024

Delegated Administrators Guide to Effective Controls in AWS Organizations

Sep 23
2025

Minimize risk through defense in depth: Building a comprehensive AWS control framework

Feb 20
2025

Best practices to respond to security risks across your AWS Organizations

Mar 17
2026

Essential security controls to prevent unauthorized account removal in AWS Organizations

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Enforcing enterprise-wide preventive controls with AWS Organizations.

Related articles