Example SCPs for Amazon Config
Prevent users from disabling Amazon Config or changing its rules
This SCP prevents users or roles in any affected account from running Amazon Config operations that could disable Amazon Config or alter its rules or triggers.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "config:DeleteConfigRule", "config:DeleteConfigurationRecorder", "config:DeleteDeliveryChannel", "config:StopConfigurationRecorder" ], "Resource": "*" } ] }