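Boundary用 IAMポリシー設定内容1
{ "Effect": "Deny", "Action": [ "iam:CreateUser" ], "Resource": "*" }, { "Sid": "DenyCreateOrChangeRoleWithoutBoundary", "Effect": "Deny", "Action": [ "iam:CreateRole", "iam:PutRolePolicy", "iam:DeleteRolePolicy", "iam:AttachRolePolicy", "iam:DetachRolePolicy", "iam:PutRolePermissionsBoundary" ], "Resource": "*", "Condition": { "StringNotEquals": { "iam:PermissionsBoundary": "arn:aws:iam::[AccountID]:policy/RolePermissionsBoundary" } } },
1つ目のStatement: DenyするActionを記載する。※SCPで記載済みであれば、追加でDenyするActionのみを記載する。
2つ目のStatement(DenyCreateOrChangeRoleWithoutBoundary): 指定のPermissions Boundary(RolePermissionsBoundary)が付いていない場合は、ロールの作成およびロールのポリシー変更をDenyする。
なお、Boundaryをロールから外す iam:DeleteRolePermissionsBoundary や、Boundary用ポリシー本体を変更するAction(iam:CreatePolicyVersion、iam:DeletePolicy、iam:DeletePolicyVersion、iam:SetDefaultPolicyVersion)は、このStatementのActionに含まれていない。ここに記載されていない設定内容やSCPでDenyされていることを確認すること。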