How to do it…

Perform the following to create an SCP:

  1. Open a new file in your text editor, add your JSON policy document, and save it.
  2. Run the create-policy CLI command as follows. We're getting a little tricky with the tr command: here, we're using it to remove the line breaks from the policy document, so pay close attention to the syntax in the example provided. Unfortunately, the Organizations CLI doesn't allow us to provide the path to the policy document directly:
        aws organizations create-policy \
            --content "$(tr -d '\n' < my-policy-file.json)" \
            --description "A policy description goes here" \
            --name "My policy" \
            --type SERVICE_CONTROL_POLICY
  3. If the preceding CLI command works successfully, some JSON will be returned to you containing the ID of the policy we just added. It will look something like the following:
        p-o9to04s7
  4. You can now go ahead and attach this policy to the OU. Use the following CLI command to do this:
        aws organizations attach-policy \
            --target-id <ou-or-aws-account-id> \
            --policy-id <policy-id>
  5. Unfortunately, the preceding command does not output anything if it ran successfully. You can double-check your handiwork in the AWS web console or use the following CLI command to verify that it worked:
        aws organizations list-targets-for-policy \
            --policy-id <policy-id>
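
A pre-flight check for steps 1 and 2, added here as an example and not taken from the book: it validates the policy file and minifies it through a JSON parser, so whitespace inside string values survives and the size is checked before the string is passed to --content. The function name prepare_scp, the sample policy, and the 5,120-character limit (the documented Organizations quota for SCPs, which you should confirm against current quotas) are assumptions.

```python
import json
import sys

# Assumed limit: documented AWS Organizations quota for an SCP document.
MAX_SCP_CHARS = 5120

# Constructed sample policy, used when no file path is given.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
"""


def prepare_scp(text):
    """Validate an SCP document and return it minified on a single line."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"policy is not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or "Statement" not in doc:
        raise ValueError("policy must be a JSON object with a Statement element")
    statements = doc["Statement"]
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        raise ValueError("Statement must contain at least one statement")
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            raise ValueError(f"statement {i}: Effect must be Allow or Deny")
        if not {"Action", "NotAction"} & stmt.keys():
            raise ValueError(f"statement {i}: needs Action or NotAction")
        if not {"Resource", "NotResource"} & stmt.keys():
            raise ValueError(f"statement {i}: needs Resource or NotResource")
    # Re-serialise without inter-element whitespace; string contents are untouched.
    minified = json.dumps(doc, separators=(",", ":"))
    if len(minified) > MAX_SCP_CHARS:
        raise ValueError(f"policy is {len(minified)} characters, limit is {MAX_SCP_CHARS}")
    return minified


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    print(prepare_scp(source))
```

Saved under a name of your choosing, the script's output can stand in for the tr expression inside the `$(...)` substitution in step 2.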
