AWS Security ChangesHomeSearch

AWS organizations documentation change

Service: organizations · 2025-06-19 · Documentation low

File: organizations/latest/userguide/orgs_manage_policies_rcps.md

Summary

Added clarification note distinguishing between SCPs and RCPs usage scenarios, and added Amazon ECR/OpenSearch Serverless to supported services list

Security assessment

The change adds documentation about proper use of security controls (SCPs/RCPs) but does not address a specific vulnerability. It enhances understanding of existing security features rather than fixing a security issue.

Diff

diff --git a/organizations/latest/userguide/orgs_manage_policies_rcps.md b/organizations/latest/userguide/orgs_manage_policies_rcps.md
index cea8e61a8..d0838aa2d 100644
--- a//organizations/latest/userguide/orgs_manage_policies_rcps.md
+++ b//organizations/latest/userguide/orgs_manage_policies_rcps.md
@@ -8,0 +9,10 @@ List of AWS services that support RCPsTesting effects of RCPsMaximum size of RCP
+###### Note
+
+**Service control policies (SCPs) and resource control policies (RCPs)**
+
+Use an SCP when you need to limit permissions of IAM principals within your organization's member accounts.
+
+Use an RCP when you need to restrict IAM principals that are external to your organization accounts making requests to access resources within your organization’s member accounts.
+
+For more information, see [Understanding SCPs and RCPs](./orgs_manage_policies_authorization_policies.html).
+
@@ -55,0 +66,4 @@ RCPs apply to actions for the following AWS services:
+  * [Amazon Elastic Container Registry](https://docs.aws.amazon.com/ecr)
+
+  * [Amazon OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service)
+