StackZone Restrict All GuardRails

This Service Control Policy restricts services usage except IAM in the target account. This is an extremely restrictive GuardRail meant to be applied only under certain circumstances. Useful if you want to quarantine or lock off an account to ensure that no new services or resources are created or modified with the exception of IAM.