AWS organizations documentation change
Summary
Updated AWSOrganizationsFullAccess policy documentation to include new account name management permissions.
Security assessment
Adds documentation for IAM policy changes granting `account:GetAccountInformation` and `account:PutAccountName` actions. While these relate to access control (a security feature), there is no evidence this addresses a specific security vulnerability. The change documents expanded policy capabilities for account name management.
Diff
diff --git a/organizations/latest/userguide/orgs_reference_available-policies.md b/organizations/latest/userguide/orgs_reference_available-policies.md index 06f49d3ca..9502893bd 100644 --- a//organizations/latest/userguide/orgs_reference_available-policies.md +++ b//organizations/latest/userguide/orgs_reference_available-policies.md @@ -42,0 +43 @@ Change | Description | Date +[AWSOrganizationsFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AWSOrganizationsFullAccess$jsonEditor) – updated to allow account API permissions required to view or modify an account name via the Organizations console. | Added the `account:GetAccountInformation` action to enable access to view the account name of any account in an organization and the `account:PutAccountName` action to enable access to modify any account name in an organization. | April 22, 2025