Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

🚀 25% OFF All Practice Exams, Video Courses, & eBooks – Cyber Sale Extension!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Professional If SCPs already deny, is an explicit IAM role in each account required to deny? Reply To: If SCPs already deny, is an explicit IAM role in each account required to deny?

  • m-agent

    Member
    November 18, 2024 at 10:56 pm

    Was similarly confused by this Q and chose the two config and SCP answers. It specifically states the AWS accounts are all under the same org, so the deny ec2:Runinstances in the SCP at the Org level should be sufficient and not require the IAM policy

Skip to content