Privileged-access-controls/README.md
Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ Enforce controls to make sure that your roles and applications are given only pr
9
9
|[Deny modifications to specific IAM roles](Deny-modifications-to-specific-IAM-roles.json)|Restrict IAM principals in accounts from making changes to specific IAM roles created in an AWS account. This could be a common administrative IAM role created in all accounts in your organization.|
10
10
|[Deny critical IAM user actions](Deny-critical-IAM-user-actions.json)| Restrict creation and modification of IAM user profiles, IAM user access keys, service specific credentials such as Amazon Bedrock API keys and account password policy to a privileged role, or principal with the `IAMUserManagementException` Principal tag set to a value of `true`.|
11
11
|[Deny member accounts from leaving your AWS organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-leave-org)|Restrict users or roles in any affected account from leaving AWS Organizations.|
12
-
|[Deny billing modification action](Deny-billing-modification-action.json)|Restrict IAM principals in accounts from making changes to the payment method and tax preferences, changing challenge questions, changing contact information.|
12
+
|[Deny billing modification action](Deny-billing-modification-action.json)|Restrict IAM principals in accounts from making changes to the payment method and tax preferences, changing contact information.|
13
13
|[Prevent any VPC that doesn't already have internet access from getting it](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_vpc.html#example_vpc_2)|Deny users or roles in any affected account from changing the configuration of your Amazon EC2 virtual private clouds (VPCs) to grant them direct access to the internet. It doesn't block existing direct access or any access that routes through your on-premises network environment.Note: Existing VPCs that have internet access retain their internet access.|
14
14
|[Deny Amazon Virtual Private Network (VPN) connections](Deny-Amazon-Virtual-Private-Network(VPN)-connection-creation-modification-deletion.json)|Restrict creation, modification or deletion actions on Virtual Private Network (VPN) connections (Site-to-Site VPN and Client VPN) to an Amazon Virtual Private Cloud (VPC).|
15
15
|[Deny unwarranted IAM Federation creation and modification](Deny-unwarranted-IAM-federations-creation-modification.json)|Restrict the creation of new and modification of existing IAM federation, this policy is usually used in conjunction with [Deny critical IAM user actions](Deny-critical-IAM-user-actions.json) to avoid unauthorized users from creating alternative access routes to AWS Accounts.|
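Review bot: In the changed "Deny billing modification action" row, dropping "changing challenge questions," leaves the description reading "making changes to the payment method and tax preferences, changing contact information", where the last clause no longer parses as part of a list. Suggest "making changes to the payment method, tax preferences, or contact information." Only the README change is visible here, so please confirm that Deny-billing-modification-action.json no longer lists the challenge-question action, or say in the commit message why the description was narrowed, so the documented scope of this SCP matches what the policy actually denies.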