AWS organizations documentation change
Summary
Restructured policy documentation into a bulleted list format and added new policy types including Security Hub, Inspector, Bedrock, and S3 policies. Removed standalone policy definitions in favor of linked references.
Security assessment
Added documentation for Security Hub policies (address security coverage gaps), Inspector policies (vulnerability management), and AI opt-out policies (data collection control). While these relate to security capabilities, there's no evidence of addressing a specific vulnerability or incident.
Diff
diff --git a/organizations/latest/userguide/orgs_getting-started_concepts.md b/organizations/latest/userguide/orgs_getting-started_concepts.md index d3a815e39..05c864182 100644 --- a//organizations/latest/userguide/orgs_getting-started_concepts.md +++ b//organizations/latest/userguide/orgs_getting-started_concepts.md @@ -210 +210 @@ Management policies help you centrally configure and manage AWS services and the -**Declarative policy** + * **[Declarative policies](./orgs_manage_policies_declarative.html)** allow you to centrally declare and enforce desired configurations for a given AWS service at scale across an organization. Once attached, the configuration is always maintained when the service adds new features or APIs. @@ -211,0 +212 @@ Management policies help you centrally configure and manage AWS services and the + * **[Backup policies](./orgs_manage_policies_backup.html)** allow you to centrally manage and apply backup plans to the AWS resources across an organization's accounts. @@ -213 +214 @@ Management policies help you centrally configure and manage AWS services and the -A _declarative policy_ is a type of policy that allows you to centrally declare and enforce desired configurations for a given AWS service at scale across an organization. Once attached, the configuration is always maintained when the service adds new features or APIs. for more information, see [declarative policy](./orgs_manage_policies_declarative.html). + * **[Tag policies](./orgs_manage_policies_tag-policies.html)** allow you to standardize the tags attached to the AWS resources in an organization's accounts. @@ -215 +216 @@ A _declarative policy_ is a type of policy that allows you to centrally declare -**Backup policy** + * **[Chat applications policies](./orgs_manage_policies_chatbot.html)** allow you to control access to an organization's accounts from chat applications such as Slack and Microsoft Teams. @@ -216,0 +218 @@ A _declarative policy_ is a type of policy that allows you to centrally declare + * **[AI services opt-out policies](./orgs_manage_policies_ai-opt-out.html)** allow you to control data collection for AWS AI services for all the accounts in an organization. @@ -218 +220 @@ A _declarative policy_ is a type of policy that allows you to centrally declare -A _backup policy_ is type of policy that allows you to centrally manage and apply backup plans to the AWS resources across an organization's accounts. For more information, see [backup policy](./orgs_manage_policies_backup.html). + * **[Security Hub policies](./orgs_manage_policies_security_hub.html)** allow you to address security coverage gaps that align with your organization's security requirements and centrally applying them across an organization. @@ -220 +222 @@ A _backup policy_ is type of policy that allows you to centrally manage and appl -**Tag policy** + * **[Amazon Inspector policies](./orgs_manage_policies_inspector.html)** allow you to centrally enable and manage Amazon Inspector across accounts in your AWS organization. @@ -221,0 +224 @@ A _backup policy_ is type of policy that allows you to centrally manage and appl + * **[Amazon Bedrock policies](./orgs_manage_policies_bedrock.html)** allow you to enforce safeguards configured in Amazon Bedrock Guardrails automatically across any element in your organization structure for all model inference calls to Amazon Bedrock. @@ -223 +226 @@ A _backup policy_ is type of policy that allows you to centrally manage and appl -A _tag policy_ is type of policy that allows you to standardize the tags attached to the AWS resources in an organization's accounts. For more information, see [tag policy](./orgs_manage_policies_tag-policies.html). + * **[Upgrade rollout policies](./orgs_manage_policies_upgrade_rollout.html)** allow you to centrally manage and stagger automatic upgrades across multiple AWS resources and accounts in your organization. @@ -225 +228 @@ A _tag policy_ is type of policy that allows you to standardize the tags attache -**Chat applications policy** + * **[Amazon S3 policies](./orgs_manage_policies_s3.html)** allow you to centrally manage configurations for Amazon S3 resources at scale across the accounts in an organization. @@ -228 +230,0 @@ A _tag policy_ is type of policy that allows you to standardize the tags attache -A _chat applications policy_ is a type of policy that allows you to control access to an organization's accounts from chat applications such as Slack and Microsoft Teams. For more information, see [Chat applications policy](./orgs_manage_policies_chatbot.html). @@ -230,4 +231,0 @@ A _chat applications policy_ is a type of policy that allows you to control acce -**AI services opt-out policy** - - -An _AI services opt-out policy_ is a type of policy that allows you to control data collection for AWS AI services for all the accounts in an organization. For more information, see [AI service opt-out policy](./orgs_manage_policies_ai-opt-out.html).