AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-07-16 · Documentation medium

File: prescriptive-guidance/latest/privacy-reference-architecture/restrict-data-transfers-across-regions.md

Summary

Removed SCP policy enforcing regional data transfer restrictions

Security assessment

Eliminated data sovereignty control documentation without security incident context

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/restrict-data-transfers-across-regions.md b/prescriptive-guidance/latest/privacy-reference-architecture/restrict-data-transfers-across-regions.md
index 5d4a8ee7f..8666e150d 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/restrict-data-transfers-across-regions.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/restrict-data-transfers-across-regions.md
@@ -13,69 +12,0 @@ With the exception of two AWS Identity and Access Management (IAM) roles, this s
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "DenyAllOutsideEU",
-                "Effect": "Deny",
-                "NotAction": [
-                    "a4b:*",
-                    "acm:*",
-                    "aws-marketplace-management:*",
-                    "aws-marketplace:*",
-                    "aws-portal:*",
-                    "budgets:*",
-                    "ce:*",
-                    "chime:*",
-                    "cloudfront:*",
-                    "config:*",
-                    "cur:*",
-                    "directconnect:*",
-                    "ec2:DescribeRegions",
-                    "ec2:DescribeTransitGateways",
-                    "ec2:DescribeVpnGateways",
-                    "fms:*",
-                    "globalaccelerator:*",
-                    "health:*",
-                    "iam:*",
-                    "importexport:*",
-                    "kms:*",
-                    "mobileanalytics:*",
-                    "networkmanager:*",
-                    "organizations:*",
-                    "pricing:*",
-                    "route53:*",
-                    "route53domains:*",
-                    "route53-recovery-cluster:*",
-                    "route53-recovery-control-config:*",
-                    "route53-recovery-readiness:*",
-                    "s3:GetAccountPublic*",
-                    "s3:ListAllMyBuckets",
-                    "s3:ListMultiRegionAccessPoints",
-                    "s3:PutAccountPublic*",
-                    "shield:*",
-                    "sts:*",
-                    "support:*",
-                    "trustedadvisor:*",
-                    "waf-regional:*",
-                    "waf:*",
-                    "wafv2:*",
-                    "wellarchitected:*"
-                ],
-                "Resource": "*",
-                "Condition": {
-                    "StringNotEquals": {
-                        "aws:RequestedRegion": [
-                            "eu-central-1",
-                            "eu-west-1"
-                        ]
-                    },
-                    "ArnNotLike": {
-                        "aws:PrincipalARN": [
-                            "arn:aws:iam::*:role/Role1AllowedToBypassThisSCP",
-                            "arn:aws:iam::*:role/Role2AllowedToBypassThisSCP"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-