Resource control policies

New security feature to help you establish a data perimeter.

A resource control policy (RCP) is a type of preventative control that helps you establish a data perimeter in your AWS environment and restrict external access to resources at scale. Enforced centrally within Organizations, RCPs give central governance and security teams confidence that access to resources within their AWS accounts conforms to their organization’s access control guidelines.

Using RCPs, you can centrally set the maximum available permissions to your AWS resources as you scale your workloads on AWS. For example, an RCP can help enforce the requirement that “no principal outside my organization can access Amazon S3 buckets in my organization,” regardless of the permissions granted through individual bucket policies. RCPs complement service control policies (SCPs), an existing type of organization policy. While SCPs offer central control over the maximum permissions for IAM roles and users in your organization, RCPs offer central control over the maximum permissions on AWS resources in your organization.
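The requirement quoted above could be written as the following RCP. This is an added example, not a policy from the original page: the organization ID `o-exampleorgid` is a placeholder, and the `aws:PrincipalIsAWSService` exemption is an assumption made so that AWS service principals are not caught by the deny.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyS3AccessFromOutsideMyOrg",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIfExists": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        },
        "BoolIfExists": {
          "aws:PrincipalIsAWSService": "false"
        }
      }
    }
  ]
}
```

Because the statement is a deny evaluated on the resource side, it applies even when a bucket policy grants access to an external principal. An RCP grants nothing by itself, so permissions inside the organization still come from identity-based and bucket policies.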

Discover how AWS partners like CYBR, Wiz, and Cyscale are adopting and talking about RCPs.

Read the full blog here.