Seshu Pasam spasam

## aws-credential-actions.json
[
  "airflow:CreateCliToken",
  "airflow:CreateWebLoginToken",
  "amplifybackend:CreateToken",
  "amplifybackend:GetToken",
  "amplifyuibuilder:ExchangeCodeForToken",
  "amplifyuibuilder:RefreshToken",
  "appsync:CreateApiKey",
  "appsync:ListApiKeys",
  "appsync:UpdateApiKey",

## aws-scp-network.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RestrictAccessBasedOnNetwork",
      "Effect": "Deny",
      "Action": [
        "*"
      ],
      "Resource": [

## aws-scp-ec2-sprawl.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"

## aws-scp-ec2-imdsv1.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NumericLessThan": {
          "ec2:RoleDelivery": "2.0"

## aws-scp-ram-share.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenySharingOutsideOrganization",
            "Effect": "Deny",
            "Action": [
                "ram:AcceptResourceShareInvitation",
                "ram:AssociateResourceShare",
                "ram:CreateResourceShare",

## aws-scp-s3-acl.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyS3ACLPermissions",
            "Effect": "Deny",
            "Action": [
                "s3:PutObjectAcl",
                "s3:GetObjectAcl",
                "s3:PutBucketAcl",

## aws-scp-restrict-orgs.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAccessToMultipleOrgs",
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringLike": {

## aws-scp-restrict-org.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "RestrictAccessToOrg",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {

## aws-scp-vpc-vpn.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRDISALLOWVPNCONNECTIONS",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateVPNGateway",
        "ec2:AttachVPNGateway",
        "ec2:CreateCustomerGateway",

## aws-scp-vpc-internet.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRDISALLOWVPCINTERNETACCESS",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateInternetGateway",
        "ec2:AttachInternetGateway",
        "ec2:CreateEgressOnlyInternetGateway",
	[
	"airflow:CreateCliToken",
	"airflow:CreateWebLoginToken",
	"amplifybackend:CreateToken",
	"amplifybackend:GetToken",
	"amplifyuibuilder:ExchangeCodeForToken",
	"amplifyuibuilder:RefreshToken",
	"appsync:CreateApiKey",
	"appsync:ListApiKeys",
	"appsync:UpdateApiKey",
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "RestrictAccessBasedOnNetwork",
	"Effect": "Deny",
	"Action": [
	"*"
	],
	"Resource": [
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "DenySharingOutsideOrganization",
	"Effect": "Deny",
	"Action": [
	"ram:AcceptResourceShareInvitation",
	"ram:AssociateResourceShare",
	"ram:CreateResourceShare",
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "DenyS3ACLPermissions",
	"Effect": "Deny",
	"Action": [
	"s3:PutObjectAcl",
	"s3:GetObjectAcl",
	"s3:PutBucketAcl",
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowAccessToMultipleOrgs",
	"Effect": "Allow",
	"Action": "*",
	"Resource": "*",
	"Condition": {
	"StringLike": {
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "RestrictAccessToOrg",
	"Effect": "Deny",
	"Action": "*",
	"Resource": "*",
	"Condition": {
	"StringNotEquals": {
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "GRDISALLOWVPNCONNECTIONS",
	"Effect": "Deny",
	"Action": [
	"ec2:CreateVPNGateway",
	"ec2:AttachVPNGateway",
	"ec2:CreateCustomerGateway",
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "GRDISALLOWVPCINTERNETACCESS",
	"Effect": "Deny",
	"Action": [
	"ec2:CreateInternetGateway",
	"ec2:AttachInternetGateway",
	"ec2:CreateEgressOnlyInternetGateway",