AWS organizations documentation change
Summary
Updated image captions and alt-text to be more descriptive about SCP evaluation scenarios
Security assessment
Changes improve documentation clarity for existing security controls (SCPs) but don't introduce new security guidance or address vulnerabilities.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies_scps_evaluation.md b/organizations/latest/userguide/orgs_manage_policies_scps_evaluation.md index d729d2b4d..30195dd60 100644 --- a//organizations/latest/userguide/orgs_manage_policies_scps_evaluation.md +++ b//organizations/latest/userguide/orgs_manage_policies_scps_evaluation.md @@ -34 +34 @@ SCP evaluation follows a deny-by-default model, meaning that any permissions not - + @@ -38 +38 @@ _Figure 1: Example organization structure with an`Allow` statement attached at R - + @@ -48 +48 @@ For example, let’s say there is an SCP attached to the Production OU that has - + @@ -123 +123 @@ This scenario demonstrates how deny policies at higher levels in the organizatio - + @@ -129 +129 @@ This scenario shows how allow policies work in SCPs. For a service to be accessi - + @@ -135 +135 @@ Missing an "Allow" statement at the root-level in an SCP is a critical misconfig - + @@ -141 +141 @@ This scenario demonstrates a two-level deep OU structure. Both the Root and the - + @@ -147 +147 @@ This scenario shows how allow policies can be used to restrict access to specifi - + @@ -153 +153 @@ This scenario demonstrates that a deny policy at the root-level affects all acco - +