AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-03 · Documentation low

File: IAM/latest/UserGuide/access_policies.md

Summary

Updated references to 'Organizations' to 'AWS Organizations' for consistency and clarity in policy type documentation. Added AWS branding to service control policies (SCPs) and resource control policies (RCPs) throughout the document.

Security assessment

The changes are purely branding/nomenclature updates (adding 'AWS' to 'Organizations') and do not address security vulnerabilities or introduce new security features. The content discusses existing security controls (SCPs/RCPs) but does not add new security guidance.

Diff

diff --git a/IAM/latest/UserGuide/access_policies.md b/IAM/latest/UserGuide/access_policies.md
index d4b65ee74..b7c99d989 100644
--- a//IAM/latest/UserGuide/access_policies.md
+++ b//IAM/latest/UserGuide/access_policies.md
@@ -9 +9 @@ Policy typesPolicies and the root userOverview of JSON policiesGrant least privi
-Manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports seven types of policies: identity-based policies, resource-based policies, permissions boundaries, Organizations service control policies (SCPs), Organizations resource control policies (RCPs), access control lists (ACLs), and session policies.
+Manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports seven types of policies: identity-based policies, resource-based policies, permissions boundaries, AWS Organizations service control policies (SCPs), AWS Organizations resource control policies (RCPs), access control lists (ACLs), and session policies.
@@ -23 +23 @@ The following policy types, listed in order from most frequently used to less fr
-  * **Organizations SCPs** – Use an AWS Organizations service control policy (SCP) to define the maximum permissions for IAM users and IAM roles within accounts in your organization or organizational unit (OU). SCPs limit permissions that identity-based policies or resource-based policies grant to IAM users or IAM roles within the account. SCPs do not grant permissions.
+  * **AWS Organizations SCPs** – Use an AWS Organizations service control policy (SCP) to define the maximum permissions for IAM users and IAM roles within accounts in your organization or organizational unit (OU). SCPs limit permissions that identity-based policies or resource-based policies grant to IAM users or IAM roles within the account. SCPs do not grant permissions.
@@ -25 +25 @@ The following policy types, listed in order from most frequently used to less fr
-  * **Organizations RCPs** – Use an AWS Organizations resource control policy (RCP) to define the maximum permissions for resources within accounts in your organization or organizational unit (OU). RCPs limit permissions that identity-based and resource-based policies can grant to resources in accounts within your organization. RCPs do not grant permissions.
+  * **AWS Organizations RCPs** – Use an AWS Organizations resource control policy (RCP) to define the maximum permissions for resources within accounts in your organization or organizational unit (OU). RCPs limit permissions that identity-based and resource-based policies can grant to resources in accounts within your organization. RCPs do not grant permissions.
@@ -65 +65 @@ A permissions boundary is an advanced feature in which you set the maximum permi
-### Organizations service control policies (SCPs)
+### AWS Organizations service control policies (SCPs)
@@ -69 +69 @@ If you enable all features in an organization, then you can apply service contro
-For more information about Organizations and SCPs, see [Service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the _AWS Organizations User Guide_.
+For more information about AWS Organizations and SCPs, see [Service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the _AWS Organizations User Guide_.
@@ -71 +71 @@ For more information about Organizations and SCPs, see [Service control policies
-### Organizations resource control policies (RCPs)
+### AWS Organizations resource control policies (RCPs)
@@ -75 +75 @@ If you enable all features in an organization, then you can use resource control
-For more information about Organizations and RCPs including a list of AWS services that support RCPs, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the _AWS Organizations User Guide_.
+For more information about AWS Organizations and RCPs including a list of AWS services that support RCPs, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the _AWS Organizations User Guide_.
@@ -251 +251 @@ IAM provides several options to help you refine the permissions that you grant.
-  * **Use last accessed information** – Another feature that can help with least privilege is _last accessed information_. View this information on the **Access Advisor** tab on the IAM console details page for an IAM user, group, role, or policy. Last accessed information also includes information about the actions that were last accessed for some services, such as Amazon EC2, IAM, Lambda, and Amazon S3. If you sign in using AWS Organizations management account credentials, you can view service last accessed information in the **AWS Organizations** section of the IAM console. You can also use the AWS CLI or AWS API to retrieve a report for last accessed information for entities or policies in IAM or Organizations. You can use this information to identify unnecessary permissions so that you can refine your IAM or Organizations policies to better adhere to the principle of least privilege. For more information, see [Refine permissions in AWS using last accessed information](./access_policies_last-accessed.html).
+  * **Use last accessed information** – Another feature that can help with least privilege is _last accessed information_. View this information on the **Access Advisor** tab on the IAM console details page for an IAM user, group, role, or policy. Last accessed information also includes information about the actions that were last accessed for some services, such as Amazon EC2, IAM, Lambda, and Amazon S3. If you sign in using AWS Organizations management account credentials, you can view service last accessed information in the **AWS Organizations** section of the IAM console. You can also use the AWS CLI or AWS API to retrieve a report for last accessed information for entities or policies in IAM or AWS Organizations. You can use this information to identify unnecessary permissions so that you can refine your IAM or AWS Organizations policies to better adhere to the principle of least privilege. For more information, see [Refine permissions in AWS using last accessed information](./access_policies_last-accessed.html).