AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-11-22 · Documentation low

File: inspector/latest/user/designating-admin.md

Summary

Added notes about organization policy precedence and visibility limitations for large organizations (10,000+ accounts).

Security assessment

While the changes clarify governance hierarchy and operational limits, there's no direct evidence of addressing a security vulnerability. The updates improve documentation about security feature management but don't resolve an active security issue.

Diff

diff --git a/inspector/latest/user/designating-admin.md b/inspector/latest/user/designating-admin.md
index e9249cb0b..da16e9713 100644
--- a//inspector/latest/user/designating-admin.md
+++ b//inspector/latest/user/designating-admin.md
@@ -19,0 +20,4 @@ If you exceed 10,000 member accounts, you receive a notification through the Ama
+###### Note
+
+When Amazon Inspector is enabled through AWS Organizations policies for organizations with more than 10,000 accounts (up to 50,000), the policy applies to all accounts. However, only 10,000 accounts will be associated with the Amazon Inspector organization. i.e. the delegated administrator can view findings and account status for only these 10,000 accounts in the Amazon Inspector console. 
+
@@ -39,0 +44,5 @@ This is the default setting for AWS Organizations. If it's not activated, see [A
+**Organization policies take precedence over delegated administrator settings.**
+    
+
+If your organization uses AWS Organizations policies to enable Amazon Inspector, the policy settings determine which scan types are enabled. We recommend designating the delegated administrator before creating organization policies to ensure consistent governance. For more information, see [Organization policy governance model](./admin-member-relationship.html#org-policy-overview). 
+