26 April 2023

Announcing SCPkit!

An open-source service control policies management tool

Dustin Whited, Director, Security Engineering

We are proud to announce another open-source project from Aquia: SCPkit. This tool aids in the management of service control policies (SCPs) in Amazon Web Services (AWS). SCPs are a form of guardrail that enforces permissions in AWS accounts.

What are SCPs?

Service control policies are managed in AWS Organizations and define the maximum permissions available in member accounts.

SCPs are often used to restrict and enforce security controls and are an important part of a mature AWS security program. You can learn more about SCPs in the AWS Organizations documentation. Examples of SCPs are also available from AWS.

How does SCPkit help?

SCPs currently have a limit of five per entity and a size limit of 5120 bytes each. This tool merges selected SCPs into the fewest policies possible and optionally removes whitespace characters. The result is a denser policy document, which allows more guardrails to be implemented per entity.
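
The merge step described above, shown as an added Python example rather than SCPkit's own code. It assumes a first-fit-decreasing packing heuristic (the post does not say how SCPkit packs statements) and measures size as the UTF-8 bytes of the serialized JSON; the function names and sample policies are constructed for illustration.

```python
import json

SCP_MAX_BYTES = 5120     # per-policy size limit quoted in the post
SCP_MAX_PER_ENTITY = 5   # per-entity attachment limit quoted in the post

def policy_size(statements, minify=True):
    """Bytes needed to serialize a policy document holding `statements`."""
    doc = {"Version": "2012-10-17", "Statement": statements}
    text = json.dumps(doc, separators=(",", ":")) if minify else json.dumps(doc, indent=4)
    return len(text.encode("utf-8"))

def merge_scps(policies, minify=True, max_bytes=SCP_MAX_BYTES):
    """Pack every statement into few documents using first-fit decreasing (a heuristic)."""
    statements = []
    for policy in policies:
        stmts = policy["Statement"]  # may be a single object or a list
        statements.extend(stmts if isinstance(stmts, list) else [stmts])
    statements.sort(key=lambda s: policy_size([s], minify), reverse=True)
    bins = []
    for stmt in statements:
        if policy_size([stmt], minify) > max_bytes:
            raise ValueError(f"statement {stmt.get('Sid')!r} exceeds the limit on its own")
        for group in bins:
            if policy_size(group + [stmt], minify) <= max_bytes:
                group.append(stmt)
                break
        else:  # no existing document has room, so open a new one
            bins.append([stmt])
    return [{"Version": "2012-10-17", "Statement": group} for group in bins]

def deny(sid, *actions):
    """Build one constructed single-statement SCP."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": sid, "Effect": "Deny", "Action": list(actions), "Resource": "*"}]}

# Constructed sample input: seven small SCPs, two more than one entity can hold.
SAMPLE_SCPS = [
    deny("DenyCloudTrailTamper", "cloudtrail:StopLogging", "cloudtrail:DeleteTrail"),
    deny("DenyLeaveOrg", "organizations:LeaveOrganization"),
    deny("DenyGuardDutyDelete", "guardduty:DeleteDetector"),
    deny("DenyConfigTamper", "config:StopConfigurationRecorder", "config:DeleteConfigurationRecorder"),
    deny("DenyEbsEncryptionOff", "ec2:DisableEbsEncryptionByDefault"),
    deny("DenyPublicAccessBlockChange", "s3:PutAccountPublicAccessBlock"),
    deny("DenyFlowLogDelete", "ec2:DeleteFlowLogs"),
]

if __name__ == "__main__":
    merged = merge_scps(SAMPLE_SCPS)
    print(len(SAMPLE_SCPS), "policies ->", len(merged), "merged;", policy_size(merged[0]["Statement"]), "bytes")
```

Merging this way is only appropriate for SCPs attached to the same target, since the combined document applies every statement wherever it is attached.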

The code for this open-source project can be found on Aquia’s GitHub. The repository also contains instructions for use.

If you have any questions, or would like to discuss this topic in more detail, feel free to contact us and we would be happy to schedule some time to chat about how Aquia can help you and your organization.
