Set up suspension of an AWS account using service control policy

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:3分

    • Set up a restriction on cloud account creation. For example, when the account owner isn’t in the organization or if there are budget constraints. Using Cloud Account Management, admin adds the account number to the AWS organization's service control policy, promoting existing accounts to continue to function normally while blocking new account creation.

    始める前に

    Verify you have saved the CloudFormation template. For more details, see Configuring Service Control Policy in AWS.

    Role required: AWS admin

    手順

    1. Log in to the AWS Management console.
    2. Enter CloudFormation in the search bar and then select it.
    3. On the CloudFormation console, select Create Stack.
    4. On the Create Stack page, select Choose an existing template > Upload a template file > Choose file to choose a template file from your local computer.
    5. Select Next to continue and to validate the template.
    6. On the Specify stack details page, enter a CloudFormation stack name in the Stack name field.

      The stack name is an identifier that helps you find a particular stack from a list of stacks. A stack name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and can't be longer than 128 characters.

    7. Select Next and then select Submit.

    タスクの結果

    Once the CloudFormation Template (CFT) creates the policy, an Amazon Resource Name (ARN) is assigned. An ARN typically follows the format: 
    arn:aws:organizations::1234567890:policy/o-99t3h155el/service_control_policy/p-328wg3yb

    To view the ARN, go to AWS Organization > Policies > Service control policies > CAM_SCP_SupsendAccount_policy.

    The key element that you must provide to the ServiceNow AI Platform admin is the policy element, which in this example is: p-328wg3yb.

    次のタスク

    Provisioning modes for Cloud Account Management in Cloud Workspace