Is there an AWS SCP to deny Transfer of elastic IP's from one account to another?

145 Views Asked by At

I have done research and came across the scp below but after implementation, i am still able to transfer an elastic IP from one account to another. Is there any change i need to make the policy? the goal is to deny transfer of elastic IP's entirely between our accounts. I will greatly appreciate any inputs.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEnableAddressTransfer",
      "Effect": "Deny",
      "Action": "ec2:EnableAddressTransfer",
      "Resource": "*"
    }
  ]
}

I have tried to implement the policy i listed above and expected to get an error when transferring Elastic Ip from one account to another, but that did not work as i was still able to transfer the IP.

0

There are 0 best solutions below