Service Control Policy

An AWS Organizations policy attached to an account or OU that constrains what IAM principals inside the account can do. Used in forensic readiness to deny `cloudtrail:StopLogging`, `cloudtrail:DeleteTrail` and `s3:DeleteBucketPolicy` on the audit bucket.

Explained in

Cloud Logging, VM Snapshots and Cloud Incident Response

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learning Create Your Account

Service Control Policy

Explained in

Related terms

Your journey to becoming a forensic professional starts here.