Prevent users from disabling Amazon Config or changing its rules

Example SCPs for Amazon Config

Topics

Prevent users from disabling Amazon Config or changing its rules

Prevent users from disabling Amazon Config or changing its rules

This SCP prevents users or roles in any affected account from running Amazon Config operations that could disable Amazon Config or alter its rules or triggers.


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "config:DeleteConfigRule",
        "config:DeleteConfigurationRecorder",
        "config:DeleteDeliveryChannel",
        "config:StopConfigurationRecorder"
      ],
      "Resource": "*"
    }
  ]
}

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon CloudWatch

Amazon EC2