AWS Partner Network (APN) Blog

Announcing AWS Partner Network Launch Partners for resource control policies

By Aliaksei Ivanou, Sr. WW Security & Identity PSA – AWS
By Harvinder Nagpal, Sr. WW Identity GTM Specialist – AWS

On November 13, 2024, AWS launched resource control policies (RCPs), a new type of policy in AWS Organizations that helps customers centrally restrict external access to their AWS resources at scale and comply with their organization’s access control guidelines. Today, we’re excited to announce the AWS Partner Network (APN) launch partners who have integrated RCPs into their solutions and services to help our joint customers with the security-related use cases described below. These co-launch partners collaborated with AWS during the beta period while they integrated the feature into their offerings. Users of these platforms will benefit from an additional layer of security control over their AWS estate.

RCPs are a type of authorization policy that can be used to centrally create and enforce preventative controls on AWS resources across an organization in AWS Organizations. RCPs complement service control policies (SCPs): SCPs provide central control over the maximum permissions for IAM roles and users in the organization, while RCPs offer central control over the maximum permissions on AWS resources in the organization. For an updated list of AWS services that support RCPs, refer to the list of services supporting RCPs.

Launch Partners

The following AWS Security Competency Partners have integrated with RCPs:

Tenable

Tenable Cloud Security is already factoring in RCPs to provide our customers with accurate analysis of entitlements in their cloud and better understand and prioritize risk.

Learn more: https://www.tenable.com/blog/new-aws-control-policy-on-the-block

Sonrai Security

Sonrai’s Cloud Permissions Firewall is using AWS RCPs to mitigate third-party access risks by restricting or blocking specific entities and enforcing a default-deny policy to help prevent future threats. With automated policy management, cloud operations teams can address third-party risks more quickly and effectively.

Learn more: https://sonraisecurity.com/blog/introducing-third-party-access-control-for-aws-rcp/

Wiz

Wiz will ingest RCPs in the Wiz engine for effective permissions management. Customers will benefit from the integration of Wiz and RCPs through the following use cases delivered by Wiz:

  1. Wiz will recommend that customers transition multiple resource-based policies to RCPs
  2. Wiz will include RCPs in the engine’s Effective Access output for effective access analysis
  3. Wiz will recommend that customers take actions based on the findings from their RCP usage

Learn more: https://www.wiz.io/partners/aws

Rapid7

Rapid7’s Exposure Command is expanding to support AWS RCPs, complementing the previously supported AWS SCPs. Initial in-service capabilities include visibility of RCP usage across AWS cloud infrastructure and services; the ability to search for, inspect, and understand which resources are secured through RCPs; and best practices that guide customers in their adoption of this cutting-edge solution to complex IAM problems.

Learn more: https://www.rapid7.com/blog/post/2024/11/20/rapid7-extends-aws-support-to-include-coverage-for-newly-launched-resource-control-policies-rcps/

SentinelOne

SentinelOne’s support for resource control policies (RCPs) on AWS allows cloud administrators to secure access to resources confidently without restricting essential tools like SentinelOne’s Cloud Native Security (CNS). By centralizing access control rules for key resources, RCPs allow for quick configuration of policies and permit SentinelOne’s CNS to scan for issues, vulnerabilities, and attack paths, minimizing the risk of over-permissioning or unintended external access using SentinelOne’s CNS.

Learn more: https://www.sentinelone.com/blog/aws-integrations-enhancing-visibility-powering-threat-hunting

These partners bring a wealth of expertise in cloud security, compliance, and resource management. By leveraging their RCP-integrated solutions, AWS customers can:

  • Gain centralized control over resource usage
  • Rapidly operationalize security across AWS resources in the organization
  • Simplify policy enforcement and compliance monitoring
  • Enhance overall cloud governance and risk management

We’re excited to see how customers will use these partner solutions to extract maximum value from RCPs and drive greater efficiency, security, and compliance across their AWS environments.

These APN Partners are ready to assist you in assessing your RCP requirements, designing the right implementation approach, and providing ongoing support to allow you to maximize the value of this new AWS capability.

Contact your AWS account team to discuss how RCPs and our launch partner collaboration can address your cloud security challenges. We’re eager to see how you’ll use RCPs and these partner solutions to improve your cloud security posture.

Learn more about RCPs on this blog and this documentation.