AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-03 · Documentation low

File: IAM/latest/UserGuide/access_policies_job-functions.md

Summary

Updated 'Organizations' to 'AWS Organizations' in policy description for consistency

Security assessment

Change is purely a terminology update to use full service name. No modification to security-related content or policy logic. Does not address vulnerabilities or introduce security documentation.

Diff

diff --git a/IAM/latest/UserGuide/access_policies_job-functions.md b/IAM/latest/UserGuide/access_policies_job-functions.md
index 25f2d8696..67b907a52 100644
--- a//IAM/latest/UserGuide/access_policies_job-functions.md
+++ b//IAM/latest/UserGuide/access_policies_job-functions.md
@@ -105 +105 @@ Allow your applications running on Amazon EC2 instances to access your AWS resou
-**Policy description:** The first statement of this policy uses the [NotAction](./reference_policies_elements_notaction.html) element to allow all actions for all AWS services and for all resources except AWS Identity and Access Management, AWS Organizations, and AWS Account Management. The second statement grants IAM permissions to create a service-linked role. This is required by some services that must access resources in another service, such as an Amazon S3 bucket. It also grants Organizations permissions to view information about the user's organization, including the management account email and organization limitations. Although this policy limits IAM, Organizations, it allows the user to perform all IAM Identity Center actions if IAM Identity Center is enabled. It also grants Account Management permissions to view which AWS Regions are enabled or disabled for the account.
+**Policy description:** The first statement of this policy uses the [NotAction](./reference_policies_elements_notaction.html) element to allow all actions for all AWS services and for all resources except AWS Identity and Access Management, AWS Organizations, and AWS Account Management. The second statement grants IAM permissions to create a service-linked role. This is required by some services that must access resources in another service, such as an Amazon S3 bucket. It also grants AWS Organizations permissions to view information about the user's organization, including the management account email and organization limitations. Although this policy limits IAM, AWS Organizations, it allows the user to perform all IAM Identity Center actions if IAM Identity Center is enabled. It also grants Account Management permissions to view which AWS Regions are enabled or disabled for the account.