Recommended Best Practices

These are additional steps that we have seen some of our more security-forward customers follow.

  • Use Service Control Policies (SCPs): SCPs let you set permission guardrails for all (or a subset of) accounts in your AWS Organization. For your Savings Pods, set an SCP that explicitly denies all actions except those required for cost and usage reporting. This helps enforce read-only access and blocks the creation or modification of workloads and network changes in the pod accounts. Read more about SCPs.

  • Monitor Pod Activity Regularly: North.Cloud continuously self-monitors all savings pods for unauthorized actions or unexpected spend spikes. You can review this monitoring data directly in your North.Cloud app for additional transparency and auditing.

  • Review Audit Logs: Enable CloudTrail or AWS account activity monitoring to view all actions performed within your organization. Regularly review the logs for unexpected changes or access patterns.
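
The SCP and audit-log practices above can share one allowlist, as in this added example (not North.Cloud's own code or policy). The actions in `ALLOWED_ACTIONS`, the account IDs and the sample events are assumptions constructed for illustration, and mapping a CloudTrail `eventSource` to an IAM action prefix is an approximation that does not hold for every service.

```python
import json
from fnmatch import fnmatchcase

# Assumption: placeholder allowlist. Replace it with the exact actions your
# cost and usage reporting integration requires.
ALLOWED_ACTIONS = ["ce:Get*", "ce:Describe*", "ce:List*",
                   "cur:DescribeReportDefinitions"]

def build_scp(allowed=ALLOWED_ACTIONS):
    """Deny every action outside the allowlist (Deny + NotAction).
    SCPs grant nothing themselves, so keep FullAWSAccess attached as well."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "DenyAllExceptCostReporting",
                           "Effect": "Deny",
                           "NotAction": list(allowed),
                           "Resource": "*"}]}

def action_of(event):
    """Approximate the IAM action of a CloudTrail record, e.g.
    ce.amazonaws.com + GetCostAndUsage -> ce:GetCostAndUsage."""
    return f"{event['eventSource'].split('.')[0]}:{event['eventName']}"

def is_allowed(action, allowed=ALLOWED_ACTIONS):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in allowed)

def unexpected_events(events, pod_accounts, allowed=ALLOWED_ACTIONS):
    """CloudTrail records from pod accounts whose action the SCP would deny."""
    return [e for e in events
            if e["recipientAccountId"] in pod_accounts
            and not is_allowed(action_of(e), allowed)]

# Constructed sample data: account IDs and events are made up.
POD_ACCOUNTS = {"111111111111"}
SAMPLE_EVENTS = [
    {"recipientAccountId": "111111111111", "eventSource": "ce.amazonaws.com",
     "eventName": "GetCostAndUsage"},
    {"recipientAccountId": "111111111111", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation"},
    {"recipientAccountId": "111111111111", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateVpc"},
    {"recipientAccountId": "222222222222", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances"},
]

if __name__ == "__main__":
    print(json.dumps(build_scp(), indent=2))
    for e in unexpected_events(SAMPLE_EVENTS, POD_ACCOUNTS):
        # A missing errorCode means the call succeeded: the guardrail is absent.
        print(action_of(e), e.get("errorCode", "SUCCEEDED"))
```

A flagged event with an error code shows the guardrail blocking an attempt; a flagged event without one means the call went through and the SCP attachment for that account should be checked.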

Following these practices, along with North's built-in monitoring and least-permissive configuration, maximizes your security and control.
