Lab: Deploying AWS Service Control Policies (SCPs) via Terraform

How to deploy AWS Service Control Policies via Terraform

Already Know Terraform?

If you're already familiar with Terraform, feel free to hop over to the AWS Security Cookbook by Tyler GitHub repository to grab and deploy the code. Otherwise, stick around and we'll walk through it together!

Overview

The Terraform code for this module has been left in a simplified state (i.e., not using modules, loops, or other advanced Terraform features) to be more easily accessible. You can customize it further to meet your specific requirements.

Deployment

Cost Alert

SCP policies are a feature of AWS Organizations and are free to use.

See pricing details here: https://docs.aws.amazon.com/organizations/latest/userguide/pricing.html

# clone the AWS Security Cookbook repository
git clone https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler

# navigate to AWS Service Control Policies (SCPs) directory
cd AWS_Cookbook_by_Tyler/recipes/aws_serviceControlPolicies/code

# initialize the directory and download the required terraform providers
terraform init

# check formatting and validate the syntax is correct
terraform fmt && terraform validate

# check the resources that will be created
terraform plan 

# deploy the resources
terraform apply

Once complete, head to the AWS Organizations console and check it out!

Cleanup

Clean up the resources

Avoid unnecessary costs by deleting the created resources

terraform destroy

PreviousAWS Service Control Policies (SCPs)NextTBD - Coming Soon!

Last updated 1 month ago

Was this helpful?