AWS singlesignon medium security documentation change
Summary
Moved an 'Important' note about irreversible account instance enablement and SCP usage to a more prominent position
Security assessment
The note explicitly highlights the use of SCPs to limit account instance creation, which is a security control. While the content existed previously, relocating it emphasizes security implications, making it a documentation improvement for security practices.
Diff
diff --git a/singlesignon/latest/userguide/enable-account-instance-console.md b/singlesignon/latest/userguide/enable-account-instance-console.md index 4d32d3131..e623d05dd 100644 --- a//singlesignon/latest/userguide/enable-account-instance-console.md +++ b//singlesignon/latest/userguide/enable-account-instance-console.md @@ -10,0 +11,4 @@ If you enabled IAM Identity Center before November 15, 2023, you have an [organi +###### Important + +Enabling account instances of IAM Identity Center for member accounts is a one-time operation. This means that this operation can't be reversed. Once enabled, you can limit the creation of account instances by creating a service control policy (SCP). For instructions, see [Control account instance creation with Services Control Policies](https://docs.aws.amazon.com/singlesignon/latest/userguide/control-account-instance.html). + @@ -19,4 +22,0 @@ If you enabled IAM Identity Center before November 15, 2023, you have an [organi -###### Important - -Enabling account instances of IAM Identity Center for member accounts is a one-time operation. This means that this operation can't be reversed. Once enabled, you can limit the creation of account instances by creating a service control policy (SCP). For instructions, see [Control account instance creation with Services Control Policies](https://docs.aws.amazon.com/singlesignon/latest/userguide/control-account-instance.html). -