Controls implemented with declarative policies - AWS Control Tower

This section provides information about AWS Control Tower controls that are implemented by declarative policies from AWS Organizations. These are preventive controls. For more information about how declarative policies work as preventive controls in AWS Control Tower, see Declarative policies in the AWS Organizations documentation.

Declarative policies help you define and enforce your required configuration for specified AWS services, across your entire organization, at the OU level. When a declarative policy is applied, the configuration is maintained continuously.

Declarative policies are enforced in each AWS service's control plane, which is an important distinction from controls implemented by service control policies (SCPs). While SCPs regulate access to APIs, declarative policies are applied directly at the service level. This approach ensures that the specified configuration is enforced, even when new features or APIs are introduced by the service.
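The difference between the two enforcement points, as an added example that is not part of the AWS documentation: an SCP and an EC2 declarative policy aimed at the same setting, run through a simplified model of one account. The choice of image block public access as the setting, the helper names, and the action `ec2:ExampleFutureSharingApi` (a hypothetical stand-in for an API introduced after the SCP was written) are assumptions.

```python
import fnmatch

# SCP: denies the one API action known today that turns the setting off.
SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyDisablingImageBpa",
        "Effect": "Deny",
        "Action": ["ec2:DisableImageBlockPublicAccess"],
        "Resource": "*",
    }],
}

# Declarative policy (EC2): states the configuration the service must hold.
DECLARATIVE = {
    "ec2_attributes": {
        "image_block_public_access": {"state": {"@@assign": "block_new_sharing"}}
    }
}

def scp_denies(policy, action):
    """True if a Deny statement's Action pattern matches (case-insensitive, * and ?)."""
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        if stmt["Effect"] == "Deny" and any(
            fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns
        ):
            return True
    return False

def required_config(node):
    """Collapse @@assign operators into the plain configuration they declare."""
    if isinstance(node, dict):
        if "@@assign" in node:
            return node["@@assign"]
        return {key: required_config(value) for key, value in node.items()}
    return node

def state_after_call(action, requested, current, scp=None, declarative=None):
    """Simplified model: the setting's value after one state-changing API call."""
    if scp and scp_denies(scp, action):
        return current  # stopped when the API call is authorized
    if declarative:
        cfg = required_config(declarative)
        return cfg["ec2_attributes"]["image_block_public_access"]["state"]
    return requested  # nothing constrains the call
```

In this model the SCP stops only the action it names, while the declarative policy returns the declared state whichever action made the request.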

Available controls