Is there an AWS SCP to deny Transfer of elastic IP's from one account to another?

Asked Jun 13 '23 at 23:09

Active Jun 13 '23 at 23:23

Viewed 35 times

I have done research and came across the scp below but after implementation, i am still able to transfer an elastic IP from one account to another. Is there any change i need to make the policy? the goal is to deny transfer of elastic IP's entirely between our accounts. I will greatly appreciate any inputs.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEnableAddressTransfer",
      "Effect": "Deny",
      "Action": "ec2:EnableAddressTransfer",
      "Resource": "*"
    }
  ]
}

I have tried to implement the policy i listed above and expected to get an error when transferring Elastic Ip from one account to another, but that did not work as i was still able to transfer the IP.

edited Jun 13 '23 at 23:23

jarmod

71,565
16
115
122

asked Jun 13 '23 at 23:09

Larry

Did you disable address transfer for your EIPs first? – sytech Jun 13 '23 at 23:24
Yes i have and i get this error message "The following addresses will not be disabled for transfer since they are not enabled for transfer" Basically what i want to achieve with the SCP is that when anyone tries to transfer an EIP from one account to another, they should be denied. – Larry Jun 14 '23 at 21:52

Is there an AWS SCP to deny Transfer of elastic IP's from one account to another?

0 Answers0