AWS Security ChangesHomeSearch

AWS outposts high security documentation change

Service: outposts · 2025-10-01 · Security-related high

File: outposts/latest/userguide/private-connectivity.md

Summary

Added sample Security Control Policy (SCP) to prevent deletion of Outposts anchor networking resources

Security assessment

Introduces proactive security controls using SCPs to protect critical Outposts infrastructure from accidental/malicious deletion. Directly addresses security hardening through resource protection policies.

Diff

diff --git a/outposts/latest/userguide/private-connectivity.md b/outposts/latest/userguide/private-connectivity.md
index 390f743ac..236c79262 100644
--- a//outposts/latest/userguide/private-connectivity.md
+++ b//outposts/latest/userguide/private-connectivity.md
@@ -40,0 +41,18 @@ Do not delete this VPC as it maintains the connection to your Outposts.
+  * Use [Security control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) to protect this VPC from being deleted.
+
+The following sample SCP prevents the following from deletion:
+
+    * Subnet tagged **Outposts Anchor Subnet**
+
+    * VPC tagged **Outposts Anchor VPC**
+
+    * Route tables tagged **Outposts Anchor Route Table**
+
+    * Transit gateway tagged **Outposts Transit Gateway**
+
+    * Virtual Private Gateway tagged **Outposts Virtual Private Gateway**
+
+    * Transit gateway route table tagged **Outposts Transit Gateway Route Table**
+
+    * Any ENI with the tag **Outposts Anchor ENI**
+