AWS IAM documentation change
Summary
Updated documentation to consistently use 'AWS Organizations' instead of 'Organizations' throughout the file, including headings, console references, CLI/API sections, and procedural steps. Added 'AWS' prefix to improve product name clarity.
Security assessment
Changes are purely terminological/consistency updates without addressing specific vulnerabilities or introducing new security capabilities. The updates clarify existing security-related functionality (SCP monitoring) but do not indicate a security fix or new feature.
Diff
diff --git a/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.md b/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.md index dc278ea0e..852c6f17b 100644 --- a//IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.md +++ b//IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.md @@ -5 +5 @@ -Understand the AWS Organizations entity pathViewing information for Organizations (console)Viewing information for Organizations (AWS CLI)Viewing information for Organizations (AWS API) +Understand the AWS Organizations entity pathViewing information for AWS Organizations (console)Viewing information for AWS Organizations (AWS CLI)Viewing information for AWS Organizations (AWS API) @@ -7 +7 @@ Understand the AWS Organizations entity pathViewing information for Organization -# View last accessed information for Organizations +# View last accessed information for AWS Organizations @@ -11 +11 @@ You can view service last accessed information for AWS Organizations using the I -When you sign in to the IAM console using AWS Organizations management account credentials, you can view information for any entity in your organization. Organizations entities include the organization root, organizational units (OUs), and accounts. You can also use the IAM console to view information for any service control policies (SCPs) in your organization. IAM shows a list of services that are allowed by any SCPs that apply to the entity. For each service, you can view the most recent account activity information for the chosen Organizations entity or the entity's children. +When you sign in to the IAM console using AWS Organizations management account credentials, you can view information for any entity in your organization. AWS Organizations entities include the organization root, organizational units (OUs), and accounts. You can also use the IAM console to view information for any service control policies (SCPs) in your organization. IAM shows a list of services that are allowed by any SCPs that apply to the entity. For each service, you can view the most recent account activity information for the chosen AWS Organizations entity or the entity's children. @@ -13 +13 @@ When you sign in to the IAM console using AWS Organizations management account c -When you use the AWS CLI or AWS API with management account credentials, you can generate a report for any entities or policies in your organization. A programmatic report for an entity includes a list of services that are allowed by any SCPs that apply to the entity. For each service, the report includes the most recent activity for accounts in the specified Organizations entity or the entity's subtree. +When you use the AWS CLI or AWS API with management account credentials, you can generate a report for any entities or policies in your organization. A programmatic report for an entity includes a list of services that are allowed by any SCPs that apply to the entity. For each service, the report includes the most recent activity for accounts in the specified AWS Organizations entity or the entity's subtree. @@ -15 +15 @@ When you use the AWS CLI or AWS API with management account credentials, you can -When you generate a programmatic report for a policy, you must specify an Organizations entity. This report includes a list of services that are allowed by the specified SCP. For each service, it includes the most recent account activity in the entity or entity's children that are granted permission by that policy. For more information, see [aws iam generate-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-organizations-access-report.html) or [GenerateOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html). +When you generate a programmatic report for a policy, you must specify an AWS Organizations entity. This report includes a list of services that are allowed by the specified SCP. For each service, it includes the most recent account activity in the entity or entity's children that are granted permission by that policy. For more information, see [aws iam generate-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-organizations-access-report.html) or [GenerateOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html). @@ -21 +21 @@ Before you view the report, make sure that you understand the management account -When you use the AWS CLI or AWS API to generate an AWS Organizations access report, you must specify an entity path. A path is a text representation of the structure of an Organizations entity. +When you use the AWS CLI or AWS API to generate an AWS Organizations access report, you must specify an entity path. A path is a text representation of the structure of an AWS Organizations entity. @@ -41 +41 @@ Organization IDs are globally unique but OU IDs and root IDs are unique only wit -## Viewing information for Organizations (console) +## Viewing information for AWS Organizations (console) @@ -47 +47 @@ You can use the IAM console to view service last accessed information for your r - 1. Sign in to the AWS Management Console using Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). + 1. Sign in to the AWS Management Console using AWS Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). @@ -59 +59 @@ You can use the IAM console to view service last accessed information for your r - 7. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. + 7. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the AWS Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. @@ -66 +66 @@ You can use the IAM console to view service last accessed information for your r - 1. Sign in to the AWS Management Console using Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). + 1. Sign in to the AWS Management Console using AWS Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). @@ -78 +78 @@ You can use the IAM console to view service last accessed information for your r - 7. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. + 7. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the AWS Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. @@ -85 +85 @@ You can use the IAM console to view service last accessed information for your r - 1. Sign in to the AWS Management Console using Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). + 1. Sign in to the AWS Management Console using AWS Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). @@ -100 +100 @@ You can use the IAM console to view service last accessed information for your r - 1. Sign in to the AWS Management Console using Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). + 1. Sign in to the AWS Management Console using AWS Organizations management account credentials, and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). @@ -108 +108 @@ You can use the IAM console to view service last accessed information for your r - 5. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. + 5. Choose **Edit in AWS Organizations** to view additional details and edit the SCP in the AWS Organizations console. For more information, see [Updating an SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy) in the _AWS Organizations User Guide_. @@ -113 +113 @@ You can use the IAM console to view service last accessed information for your r -## Viewing information for Organizations (AWS CLI) +## Viewing information for AWS Organizations (AWS CLI) @@ -115 +115 @@ You can use the IAM console to view service last accessed information for your r -You can use the AWS CLI to retrieve service last accessed information for your Organizations root, OU, account, or policy. +You can use the AWS CLI to retrieve service last accessed information for your AWS Organizations root, OU, account, or policy. @@ -117 +117 @@ You can use the AWS CLI to retrieve service last accessed information for your O -###### To view Organizations service last accessed information (AWS CLI) +###### To view AWS Organizations service last accessed information (AWS CLI) @@ -119 +119 @@ You can use the AWS CLI to retrieve service last accessed information for your O - 1. Use your Organizations management account credentials with the required IAM and Organizations permissions, and confirm that SCPs are enabled for your root. For more information, see [Things to know about last accessed information](./access_policies_last-accessed.html#access_policies_last-accessed-know). + 1. Use your AWS Organizations management account credentials with the required IAM and AWS Organizations permissions, and confirm that SCPs are enabled for your root. For more information, see [Things to know about last accessed information](./access_policies_last-accessed.html#access_policies_last-accessed-know). @@ -121 +121 @@ You can use the AWS CLI to retrieve service last accessed information for your O - 2. Generate a report. The request must include the path of the Organizations entity (root, OU, or account) for which you want a report. You can optionally include an `organization-policy-id` parameter to view a report for a specific policy. The command returns a `job-id` that you can then use in the `get-organizations-access-report` command to monitor the `job-status` until the job is complete. + 2. Generate a report. The request must include the path of the AWS Organizations entity (root, OU, or account) for which you want a report. You can optionally include an `organization-policy-id` parameter to view a report for a specific policy. The command returns a `job-id` that you can then use in the `get-organizations-access-report` command to monitor the `job-status` until the job is complete. @@ -134 +134 @@ This command returns a list of services that entity members can access. For each -## Viewing information for Organizations (AWS API) +## Viewing information for AWS Organizations (AWS API) @@ -136 +136 @@ This command returns a list of services that entity members can access. For each -You can use the AWS API to retrieve service last accessed information for your Organizations root, OU, account, or policy. +You can use the AWS API to retrieve service last accessed information for your AWS Organizations root, OU, account, or policy. @@ -138 +138 @@ You can use the AWS API to retrieve service last accessed information for your O -###### To view Organizations service last accessed information (AWS API) +###### To view AWS Organizations service last accessed information (AWS API) @@ -140 +140 @@ You can use the AWS API to retrieve service last accessed information for your O - 1. Use your Organizations management account credentials with the required IAM and Organizations permissions, and confirm that SCPs are enabled for your root. For more information, see [Things to know about last accessed information](./access_policies_last-accessed.html#access_policies_last-accessed-know). + 1. Use your AWS Organizations management account credentials with the required IAM and AWS Organizations permissions, and confirm that SCPs are enabled for your root. For more information, see [Things to know about last accessed information](./access_policies_last-accessed.html#access_policies_last-accessed-know). @@ -142 +142 @@ You can use the AWS API to retrieve service last accessed information for your O - 2. Generate a report. The request must include the path of the Organizations entity (root, OU, or account) for which you want a report. You can optionally include an `OrganizationsPolicyId` parameter to view a report for a specific policy. The operation returns a `JobId` that you can then use in the `GetOrganizationsAccessReport` operation to monitor the `JobStatus` until the job is complete. + 2. Generate a report. The request must include the path of the AWS Organizations entity (root, OU, or account) for which you want a report. You can optionally include an `OrganizationsPolicyId` parameter to view a report for a specific policy. The operation returns a `JobId` that you can then use in the `GetOrganizationsAccessReport` operation to monitor the `JobStatus` until the job is complete.