AWS organizations documentation change
Summary
Removed reference to example SCPs for tagging enforcement documentation
Security assessment
The change removes a link to example SCPs but doesn't address any specific vulnerability or weakness. Tag enforcement documentation remains unchanged otherwise.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies_tag-policies-enforcement.md b/organizations/latest/userguide/orgs_manage_policies_tag-policies-enforcement.md index 44c3b896d..3476af870 100644 --- a//organizations/latest/userguide/orgs_manage_policies_tag-policies-enforcement.md +++ b//organizations/latest/userguide/orgs_manage_policies_tag-policies-enforcement.md @@ -30 +30 @@ With enforcement for basic compliance rules, you can prevent resource creation w -Basic compliance rules do not enforce tag compliance on resources that are created without tags. This capability does not enforce missing tag keys. You cannot use this capability to ensure that required or mandatory tag keys are configured at resource creation. Use reporting mode in "Required tag keys" to enforce required tag keys for resources created by IaC tools such as CloudFormation, Terraform, and Pulumi. Use SCPs to prevent IAM users and roles in target accounts from creating certain resource types if the request doesn't include the specified tags. Find sample SCPs for tagging enforcement in our [Example SCPs for tagging resources](./orgs_manage_policies_scps_examples_tagging.html). +Basic compliance rules do not enforce tag compliance on resources that are created without tags. This capability does not enforce missing tag keys. You cannot use this capability to ensure that required or mandatory tag keys are configured at resource creation. Use reporting mode in "Required tag keys" to enforce required tag keys for resources created by IaC tools such as CloudFormation, Terraform, and Pulumi. Use SCPs to prevent IAM users and roles in target accounts from creating certain resource types if the request doesn't include the specified tags.