Skip to content
/ Secure-Cloud-Architecture-with-SCPs-and-OPCs Public

Repository containing best practices for securing cloud architectures using SCPs and OPCs, with sample policies and implementation scripts to enforce a holistic security posture

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TanishkaMarrott/Secure-Cloud-Architecture-with-SCPs-and-OPCs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
policies
policies
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Enforcing Security Best Practices with AWS SCPs and GCP OPCs

Overview

This repository is dedicated to showcasing effective strategies for implementing Organizational Policies (OPCs) and Service Control Policies (SCPs) in cloud environments to achieve a holistic security posture.

This includes detailed code snippets, configuration files, and real-world use cases to help you secure your cloud infrastructure.

Repository Structure

  • /policies: Contains sample Organizational Policies and Service Control Policies.

Key Features

  • Top 5 Organizational Policies (OPCs):

    • Restrict VMs from having external IPs (compute.vmExternalIpAccess)
    • Enforce HTTPS communication for GCS (storage.requireTls)
    • Disable OS Login for SSH access (compute.disableOsLogin)
    • Require Uniform Bucket-Level Access on GCS (storage.uniformBucketLevelAccess)
    • Restrict Public IPs for SQL Instances (sql.restrictPublicIp)

  • Top 5 Service Control Policies (SCPs):

    • Deny Disablement of Security Monitoring (ec2:DisableVpcClassicLink)
    • Prevent Deletion of Logging Buckets (s3:DeleteBucket)
    • Deny IAM Policies with Wildcards (iam:PassRole)
    • Require MFA for IAM Actions (iam:ChangePassword)
    • Enforce KMS Key Usage for Encryption (kms:Decrypt)

Value-Add

Implementing these policies enhances your cloud environment's security by reducing exposure to potential threats, ensuring compliance with industry standards, and automating security enforcement across your organization.

Getting Started

  1. Clone the repository:

    git clone https://github.com/TanishkaMarrott/Secure-Cloud-Architecture-with-SCPs-and-OPCs.git

  2. Navigate to the repository:

    cd Secure-Cloud-Architecture-with-SCPs-and-OPCs

  3. Review the policies:

    • Browse the /policies directory to see the Organizational Policies and Service Control Policies.

  4. Apply the policies:

    • Use the scripts in /scripts to apply the policies in your cloud environment.

Contribution

We welcome contributions from the community! If you have additional policies, use cases, or enhancements, please feel free to submit a pull request.

License

This repository is licensed under the MIT License. See LICENSE for more information.

About

Repository containing best practices for securing cloud architectures using SCPs and OPCs, with sample policies and implementation scripts to enforce a holistic security posture

Topics

aws iam gcp cloud-infrastructure security-architecture cloud-security cloud-architecture

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published