When designing policies for your organization, you may notice that an Access Enforcement via Gatelets policy does not block access to Amazon Web Services, even though it works for other gatelets.
For the "Block activity" response rule to work for login operations, Amazon Web Services requires an additional Activity type condition in the policy configuration.
The required Activity condition is "Session" in the Object Accessed field and "Login" in the Access Type field.
Configure the policy with the required Activity condition, as shown in the screenshot:
Note that the Activities section of the policy is not available when the "Any" option is selected in the Cloud Service condition, or when more than one service is configured with the "Selective" option.
To enable the Activities section, configure the "Selective" option and select only Amazon Web Services in the Cloud Service condition, as shown in the screenshot below:
The Amazon Web Services Gatelet Access Enforcement policy cannot be combined with any other service in one policy, because selecting more than one service in the Selective configuration disables the Activities condition. This means that AWS requires its own policy, separate from other services such as Office 365.