AWS Security ChangesHomeSearch

AWS managedservices high security documentation change

Service: managedservices · 2025-10-25 · Security-related high

File: managedservices/latest/userguide/malz-net-arch-section.md

Summary

Changed SCP creation process from '(review required)' to '(managed automation)' in documentation links and references

Security assessment

Service Control Policies (SCPs) are critical security controls in AWS Organizations. Changing their creation from a reviewed process to automated deployment could impact security posture by reducing oversight of permission boundaries. This directly relates to security policy management.

Diff

diff --git a/managedservices/latest/userguide/malz-net-arch-section.md b/managedservices/latest/userguide/malz-net-arch-section.md
index b70479eed..d95c57443 100644
--- a//managedservices/latest/userguide/malz-net-arch-section.md
+++ b//managedservices/latest/userguide/malz-net-arch-section.md
@@ -53 +53 @@ A typical AMS multi-account landing zone consists of four top-level organization
-AMS-managed multi-account landing zone also enables you to create custom OUs for grouping and organizing AWS Accounts and to associate custom SCPs with them; for examples on doing this, see [ Management account | Create Custom OUs](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-ous.html) and [ Management account | Create Custom SCP (review required)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-scp-review-required.html), respectively. AMS provides four existing OUs under which new OUs and accounts can be requested: accelerate, applications > managed, applications > development, and customer-managed.
+AMS-managed multi-account landing zone also enables you to create custom OUs for grouping and organizing AWS Accounts and to associate custom SCPs with them; for examples on doing this, see [ Management account | Create Custom OUs](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-ous.html) and [ Management account | Create Custom SCP (managed automation)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-scp-review-required.html), respectively. AMS provides four existing OUs under which new OUs and accounts can be requested: accelerate, applications > managed, applications > development, and customer-managed.
@@ -80 +80 @@ AWS provides service control policies (SCPs) for permissions management in an AW
-You can also create custom SCPs and attach them to specific OUs. They can be requested from your Management account using change type ct-33ste5yc7hprs. AMS then reviews the custom SCPs requested before applying them to the target OUs. For examples, see [ Management account | Create Custom OUs](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-ous.html) and [ Management account | Create Custom SCP (Review Required)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-scp-review-required.html).
+You can also create custom SCPs and attach them to specific OUs. They can be requested from your Management account using change type ct-33ste5yc7hprs. AMS then reviews the custom SCPs requested before applying them to the target OUs. For examples, see [ Management account | Create Custom OUs](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-ous.html) and [ Management account | Create Custom SCP (managed automation)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-managed-management-account-create-custom-scp-review-required.html).