AWS organizations documentation change
Summary
Updated example policy links for SCP and RCP, replacing general examples with specific GitHub sample links including a privileged access control example.
Security assessment
The new SCP example ('Deny member accounts from leaving') documents a security control for organizational governance. The RCP HTTPS example demonstrates encryption enforcement. No evidence of addressing a specific vulnerability.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies_declarative.md b/organizations/latest/userguide/orgs_manage_policies_declarative.md index 06666578f..e13c96311 100644 --- a//organizations/latest/userguide/orgs_manage_policies_declarative.md +++ b//organizations/latest/userguide/orgs_manage_policies_declarative.md @@ -57 +57 @@ Feedback mechanism | Non-customizable access denied SCP error. | Non-customizabl -Example policy | [ Deny access to AWS based on the requested AWS Region](./orgs_manage_policies_scps_examples_general.html#example-scp-deny-region) | [Restrict access to only HTTPS connections to your resources](./orgs_manage_policies_rcps_examples.html#example-rcp-enforce-ssl) | [Allowed Images Settings](./orgs_manage_policies_declarative_syntax.html#declarative-policy-ec2-ami-allowed-images) +Example policy | [Deny member accounts from leaving the organization](https://github.com/aws-samples/service-control-policy-examples/blob/main/Privileged-access-controls/Deny-member-accounts-from-leaving-your-AWS-organization.json) | [Restrict access to only HTTPS connections to your resources](https://github.com/aws-samples/resource-control-policy-examples/blob/main/Restrict-resource-access-patterns/Restrict-access-to-only-HTTPS-connections-to-your-resources.json) | [Allowed Images Settings](./orgs_manage_policies_declarative_syntax.html#declarative-policy-ec2-ami-allowed-images)