About Service Control Policies (SCPs) - AWS SCS-C03 (Lesson 9) скачать в хорошем качестве

About Service Control Policies (SCPs) - AWS SCS-C03 (Lesson 9)

Thanks to Sonrai Security for making this lesson free! Learn how their Cloud Permissions Firewall can enable least privilege for your cloud in a single click and with zero disruption: https://cybr.com/sonrai In this lesson from my AWS Certified Security Specialty (SCS-C03) course, we take a deep dive into Service Control Policies (SCPs) and how they’re used to enforce guardrails across AWS accounts. You’ll learn what SCPs are (and what they are not), how they differ from IAM and resource-based policies, and why they are one of the most powerful governance tools available in AWS Organizations. We walk through the built-in FullAWSAccess SCP, explain the deny-by-default model, and then create a real-world SCP that restricts EC2 instance types to control costs and reduce blast radius in the event of a compromise. We also cover how SCPs are evaluated, what “effective permissions” means, where SCPs do and do not apply, and common pitfalls you need to understand both for the SCS-C03 exam and real production environments. #AWSSecuritySpecialty #ServiceControlPolicies #AWSOrganizations #IAM #CloudSecurity