AWS Security ChangesHomeSearch

AWS organizations documentation change

Service: organizations · 2025-10-16 · Documentation low

File: organizations/latest/userguide/orgs_reference_limits.md

Summary

Increased maximum account limit from 10,000 to 50,000 and expanded service-specific limits table with additional AWS services

Security assessment

The change updates service quotas and adds references to security-related services (Security Hub, Macie, Inspector) but does not address vulnerabilities or document security features. The quota increase is operational, not security-related.

Diff

diff --git a/organizations/latest/userguide/orgs_reference_limits.md b/organizations/latest/userguide/orgs_reference_limits.md
index 8ce733107..29a6d1732 100644
--- a//organizations/latest/userguide/orgs_reference_limits.md
+++ b//organizations/latest/userguide/orgs_reference_limits.md
@@ -45 +45 @@ Description | Limit
-Default maximum number of accounts | 10 — The default maximum number of accounts allowed in an organization. This quota is adjustable, and can be increased by using the [Service Quotas console](https://console.aws.amazon.com/servicequotas/home?region=us-east-1#!/services/organizations/quotas). **Note:** Only the Management account of an organization can submit this quota increase request. Limit increases can be granted up to 10,000 accounts based on customer qualifications and requirements. Newly created accounts and organizations might experience a quota below the default of 10 accounts. An invitation sent to an account counts against this quota. The count is returned if the invited account declines, the management account cancels the invitation, or the invitation expires. When an account is closed it does not stop counting against this quota until it is permanently closed. For more information on when an account is permanently closed, see [Post-closure period](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#post-closure-period) in the _AWS Account Management Reference Guide_. Some services have account limits separate from the maximum number of accounts allowed in an organization. For more information, see [Limits by AWS service](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html#min-max-service-limits).  
+Default maximum number of accounts | 10 — The default maximum number of accounts allowed in an organization. This quota is adjustable, and can be increased by using the [Service Quotas console](https://console.aws.amazon.com/servicequotas/home?region=us-east-1#!/services/organizations/quotas). **Note:** Only the Management account of an organization can submit this quota increase request. Limit increases can be granted up to 50,000 accounts based on customer qualifications and requirements. Newly created accounts and organizations might experience a quota below the default of 10 accounts. An invitation sent to an account counts against this quota. The count is returned if the invited account declines, the management account cancels the invitation, or the invitation expires. When an account is closed it does not stop counting against this quota until it is permanently closed. For more information on when an account is permanently closed, see [Post-closure period](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#post-closure-period) in the _AWS Account Management Reference Guide_. Some services have account limits separate from the maximum number of accounts allowed in an organization. For more information, see [Limits by AWS service](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html#min-max-service-limits).  
@@ -70,9 +70,15 @@ Most AWS services support the stated maximum number of accounts that you can hav
-The following tables shows services with separate account limits.
-
-AWS service | Limit | Can be increased  
----|---|---  
-AWS IAM Identity Center | 3000 | Yes  
-AWS Application Migration Service | 5000 | No  
-AWS Directory Service | 250 | Yes  
-  
-For more information, see [AWS IAM Identity Center quotas](https://docs.aws.amazon.com/singlesignon/latest/userguide/limits.html) in the _IAM Identity Center User Guide_ and [AWS MGN service quota limits](https://docs.aws.amazon.com/mgn/latest/ug/MGN-service-limits.html) in the _Application Migration Service User Guide_. 
+The following table shows services with separate account limits.
+
+AWS service | Limit | Can be increased | Service documentation  
+---|---|---|---  
+AWS Directory Service (Directory sharing is available for AWS Managed Microsoft AD) | Directory sharing account capacity varies by edition. | Yes | [AWS Directory Service Quotas](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_limits.html)  
+AWS Audit Manager | 250 | Yes | [AWS Audit Manager Quotas](https://docs.aws.amazon.com/general/latest/gr/audit-manager.html)  
+Amazon Detective | 1200 | Yes | [Amazon Detective Quotas](https://docs.aws.amazon.com/detective/latest/userguide/regions-limitations.html)  
+AWS IAM Identity Center | 3000 | Yes | [AWS IAM Identity Center Quotas](https://docs.aws.amazon.com/singlesignon/latest/userguide/limits.html)  
+AWS Application Migration Service | 5000 | No | [AWS Quotas](https://docs.aws.amazon.com/mgn/latest/ug/MGN-service-limits.html)  
+AWS Security Hub | 10000 | No | [AWS Security Hub Quotas](https://docs.aws.amazon.com/general/latest/gr/sechub.html)  
+Amazon Macie | 10000 | No | [Amazon Macie Quotas](https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html)  
+AWS Control Tower | 10000 | No | [AWS Control Tower Quotas](https://docs.aws.amazon.com/controltower/latest/userguide/limits.html)  
+Amazon Inspector | 10000 | No | [Amazon Inspector Quotas](https://docs.aws.amazon.com/inspector/latest/user/quotas.html)  
+AWS Firewall Manager | 10000 | Yes | [AWS Firewall Manager Quotas](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html)  
+Amazon DevOps Guru | 10000 | Yes | [Amazon DevOps Guru Quotas](https://docs.aws.amazon.com/devops-guru/latest/userguide/quotas.html)