AWS Security ChangesHomeSearch

AWS govcloud-us documentation change

Service: govcloud-us · 2025-08-28 · Documentation medium

File: govcloud-us/latest/UserGuide/govcloud-account-root-user.md

Summary

Removed SCP policy example restricting root user access key management

Security assessment

While the removed SCP was security-related documentation, its deletion doesn't indicate a security issue fix - it simply removes an example of security best practices.

Diff

diff --git a/govcloud-us/latest/UserGuide/govcloud-account-root-user.md b/govcloud-us/latest/UserGuide/govcloud-account-root-user.md
index f7724b979..37582ee3b 100644
--- a//govcloud-us/latest/UserGuide/govcloud-account-root-user.md
+++ b//govcloud-us/latest/UserGuide/govcloud-account-root-user.md
@@ -150,51 +149,0 @@ This SCP will not affect the AWS GovCloud (US) Organizations Management account
-JSON
-    
-
-****
-    
-    
-    
-    {
-                            "Version": "2012-10-17",
-                            "Statement": [{
-                                "Sid": "AccessKeyManagementOnly",
-                                "Effect": "Deny",
-                                "NotAction": [
-                                    "iam:DeleteAccessKey",
-                                    "iam:CreateAccessKey",
-                                    "iam:ListAccessKeys"
-                                ],
-                                "Resource": [
-                                    "*"
-                                ],
-                                "Condition": {
-                                    "StringLike": {
-                                        "aws:PrincipalArn": [
-                                            "arn:aws-us-gov:iam::*:root"
-                                        ]
-                                    }
-                                }
-                            },
-                            {
-                                "Sid": "RootUserAccessKeyManagementOnly",
-                                "Effect": "Deny",
-                                "Action": [
-                                    "iam:DeleteAccessKey",
-                                    "iam:CreateAccessKey",
-                                    "iam:ListAccessKeys"
-                                ],
-                                "Resource": [
-                                    "arn:aws-us-gov:iam::*:user/*"
-                                ],
-                                "Condition": {
-                                    "StringLike": {
-                                        "aws:PrincipalArn": [
-                                            "arn:aws-us-gov:iam::*:root"
-                                        ]
-                                    }
-                                }
-                            }
-                        ]
-                    }
-    
-