AWS organizations documentation change
Summary
Added clarification note distinguishing between SCPs and RCPs usage scenarios, and added Amazon ECR/OpenSearch Serverless to supported services list
Security assessment
The change adds documentation about proper use of security controls (SCPs/RCPs) but does not address a specific vulnerability. It enhances understanding of existing security features rather than fixing a security issue.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies_rcps.md b/organizations/latest/userguide/orgs_manage_policies_rcps.md index cea8e61a8..d0838aa2d 100644 --- a//organizations/latest/userguide/orgs_manage_policies_rcps.md +++ b//organizations/latest/userguide/orgs_manage_policies_rcps.md @@ -8,0 +9,10 @@ List of AWS services that support RCPsTesting effects of RCPsMaximum size of RCP +###### Note + +**Service control policies (SCPs) and resource control policies (RCPs)** + +Use an SCP when you need to limit permissions of IAM principals within your organization's member accounts. + +Use an RCP when you need to restrict IAM principals that are external to your organization accounts making requests to access resources within your organization’s member accounts. + +For more information, see [Understanding SCPs and RCPs](./orgs_manage_policies_authorization_policies.html). + @@ -55,0 +66,4 @@ RCPs apply to actions for the following AWS services: + * [Amazon Elastic Container Registry](https://docs.aws.amazon.com/ecr) + + * [Amazon OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service) +