5 Free SCPs to Use Today

Get Your Free SCPs

Download these free and essential SCPs today to fortify your cloud security. Each of the 5 SCPs addresses one specific use case to keep your cloud secure.

1. Prevent Perimeter Breaches

This SCP denies identities the ability to bypass network controls and helps prevent holes in your cloud perimeter. Specifically, it blocks identities that are not authorized by AWS IAM from using presigned URLs, an easy way to avoid authentication. This helps prevent unauthorized access to SageMaker resources and Lambda functions.

2. Block Tampering of Security Controls

This SCP addresses some common security controls your organization may want to protect, but it is not an exhaustive list. Specifically, it blocks the tampering of log monitoring and security controls in CloudTrail, EC2, GuardDuty, S3 and more.

3. Uphold Security Best Practices

This SCP is set to enforce some common best practices your organization may want to uphold moving forward. For example, your team may have turned on default encryption for EBS volumes to meet compliance measures, turned off over-permissive default VPCs, or blocked identities from creating IAM users and access keys. It is easy to add any other infrastructure element limitations that make sense for your organization; this is just a strong starting point.

4. Enforce Encryption of Files

This SCP denies anyone from uploading unencrypted files to S3, except for any known exceptions you want to add. First, it denies any file upload that isn't encrypted; second, it requires that the encryption be of a specific type. This is a great policy to use where you want centralized controls (as opposed to bucket-by-bucket access control), as in the case of a production account.
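A minimal SCP with the two-part structure described above, as an added example that is not Sonrai's downloadable policy. It assumes SSE-KMS (`aws:kms`) as the required encryption type, and the exception role ARN is a constructed placeholder.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUploadsWithoutEncryptionHeader",
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption": "true"
        },
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/EXAMPLE-upload-exception-role"
        }
      }
    },
    {
      "Sid": "DenyUploadsWithOtherEncryptionType",
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        },
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/EXAMPLE-upload-exception-role"
        }
      }
    }
  ]
}
```

Because both statements test the request header, uploads that rely only on a bucket's default encryption and send no `x-amz-server-side-encryption` header are denied as well, so client tooling has to set the header explicitly.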

5. Enforce Separation of Duties

Limit who can attach IAM policies and prevent privilege escalation with this SCP. Again, this is not an exhaustive list of permissions, but it does prevent manipulation of IAM users and roles. The second half allows you to identify an assigned role that you want to perform IAM activities. There is also an optional addition for SSO users.
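One way to express this separation of duties, as an added example that is not Sonrai's downloadable policy. The action list is a non-exhaustive selection, and both role ARNs (the assigned IAM administration role and the SSO permission-set role) are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyIamPolicyChangesExceptAssignedRole",
      "Effect": "Deny",
      "Action": [
        "iam:AttachUserPolicy",
        "iam:AttachRolePolicy",
        "iam:AttachGroupPolicy",
        "iam:PutUserPolicy",
        "iam:PutRolePolicy",
        "iam:PutGroupPolicy",
        "iam:CreatePolicyVersion",
        "iam:SetDefaultPolicyVersion",
        "iam:UpdateAssumeRolePolicy",
        "iam:DeleteUserPermissionsBoundary",
        "iam:DeleteRolePermissionsBoundary"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalARN": [
            "arn:aws:iam::*:role/EXAMPLE-iam-admin-role",
            "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*AWSReservedSSO_EXAMPLE-IamAdmin_*"
          ]
        }
      }
    }
  ]
}
```

An SCP only restricts; the assigned role still needs its own IAM policy granting these actions, and the SCP does not apply to the organization's management account.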

© 2025 Sonrai Security. All rights reserved
