Issue
Can an AWS organization account stop or block child AWS accounts from launching public AWS EC2 instances that have an Elastic IP? I would like the users within those accounts to launch only private EC2 instances.
Is there any other way if not SCP?
Regards,
Solution
There are a couple of ways. SCP via AWS Config is one; you can use the ec2-instance-no-public-ip or subnet-auto-assign-public-ip-disabled rules. You also have the option to control it via IAM by denying the AllocateAddress permission.
Answered By - Oscar De León
Answer Checked By - Senaida (WPSolving Volunteer)
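A policy document for the deny approach mentioned in the answer, as an added example that is not part of the original answer. It goes beyond the AllocateAddress deny by also denying ec2:AssociateAddress and by denying ec2:RunInstances when the request asks for a public IP on the network interface; the Sid values are made up for illustration. A document of this shape can be attached as an SCP to the child accounts or their OU, or used as an IAM policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyElasticIpAllocationAndAssociation",
      "Effect": "Deny",
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssociateAddress"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyLaunchWithPublicIp",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:network-interface/*",
      "Condition": {
        "Bool": {
          "ec2:AssociatePublicIpAddress": "true"
        }
      }
    }
  ]
}
```

SCPs do not apply to the organization's management account, so the restriction covers member accounts only. The two AWS Config rules named in the answer remain useful alongside it as detection for anything the deny statements do not cover.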