We are proud to announce another open-source project from Aquia: SCPkit. This tool aids in the management of service control policies (SCP) in Amazon Web Services (AWS). SCPs are a form of guardrail that enforce permissions in AWS accounts.
Service Control Policies are managed in AWS Organizations and define the permission capability in member accounts.
SCPs are often used to restrict and enforce security controls and are an important part of a mature AWS security program. You can learn more about SCPs in the AWS Organizations documentation. Examples of SCPs are also available from AWS.
SCPs have a current limit of five total per entity and a size limit on each of 5120 bytes. This tool will merge selected SCPs into the fewest amount of policies, and optionally remove whitespaces characters. This results in a denser policy document and enables more guardrails to be implemented per entity.
The code for this open-source project can be found on Aquia’s Github. The repository also contains instructions for use.