Building and scaling AWS Service Control Policies (SCPs) for platform governance

CHECKKKKK Service control policies (SCPs) are an effective way to establish a security posture in AWS, yet many platform teams struggle to implement them without breaking developer workflows. This interactive workshop provides a practical guide for writing and deploying guardrails that scale.

Attendees will participate in a live coding session to build and implement specific SCPs designed to protect critical cloud infrastructure. The session will focus on the logic required to block tampering with security controls, enforce data encryption, and restrict AI usage patterns.

Participants will leave with a functional set of SCPs and a repeatable workflow for governing permissions at the organizational level.
Technical Prerequisites (to participate hands-on): AWS account setup, management account: ensure you have access to the AWS management account. You might want to have a sandbox AWS organization with full access to the management account and at least one additional AWS account you can make breaking changes to. Sandbox Account: - Create or have access to an additional AWS account to use as a sandbox environment using AWS Organizations. This will be used for testing the SCPs you create Service Control Policies (SCPs): - Familiarize yourself with the SCPs we're going to work with. AWS Console: - We're working out of the AWS Console.