Case Study

A PSU Achieves Governance and Compliance through SCP Enforcement and Regional Access Limitations, Reducing Risks by Over 75%


Government and PSU


AWS Control Tower, AWS WAF, Amazon S3, Amazon CloudFront, AWS IAM, AWS Systems Manager, Amazon SNS, Amazon RDS, AWS CloudTrail, Amazon EC2


Significant efficiency gains and risk reduction through secure landing zone setup, centralized monitoring, and SCP enforcement, enhancing governance and compliance while minimizing manual labor.

About the Client

The customer, an Indian oil and gas company, is owned by the Government of India’s Ministry of Petroleum and Natural Gas. Based in New Delhi, it operates as a public sector undertaking overseen by the same ministry.



Efficiency Enhancement


Monitoring Optimization


Risk Reduction Through Governance

The Challenge

The customer faced challenges configuring and maintaining a multi-account AWS system, leading to manual creation of four AWS accounts, increased complexity, and potential security risks. Lack of centralized monitoring made it difficult to track actions and compliance status, while managing costs across accounts was a burden.


  • The client's AWS Organizations setup implements a multi-account structure using organizational units (OUs) to simplify cost tracking, enable hierarchical organization for improved policy enforcement, and ease account administration.
  • Service Control Policies (SCPs) have been set up in AWS Control Tower to enforce certain tagging standards, guaranteeing uniform tagging procedures for cost allocation and resource management.
  • Applying the principle of least privilege and establishing SSO across the AWS organization through AWS IAM Identity Center allows permissions to be provisioned so that access to resources is regulated and protected precisely, minimizing the risk of unauthorized access and mitigating security threats.
  • Instead of tracking a separate bill for every AWS account, the client uses consolidated billing to streamline the billing process with a single payment from the payer account. The payer account receives one all-inclusive bill that contains the total expenses of all connected accounts.
  • The Log Archive in AWS Control Tower is used so that logs from multiple accounts can be accessed and analyzed from a single location, enabling efficient monitoring and troubleshooting.

The Results

Setting up a secure landing zone eliminates 80% of manual labor, centralized logging reduces monitoring time by 60%, and SCP enforcement ensures over 75% risk reduction, enhancing governance and compliance.

