AWS Security ChangesHomeSearch

AWS organizations medium security documentation change

Service: organizations · 2026-05-13 · Security-related medium

File: organizations/latest/userguide/orgs_account_close_policy.md

Summary

Updated account closure restriction examples and added new IAM policy denying account closure actions

Security assessment

Added explicit IAM policy denying account closure actions (account:CloseAccount and organizations:CloseAccount). This directly documents security controls to prevent unauthorized account termination, addressing account security risks.

Diff

diff --git a/organizations/latest/userguide/orgs_account_close_policy.md b/organizations/latest/userguide/orgs_account_close_policy.md
index 87d0c0ceb..82abe251b 100644
--- a//organizations/latest/userguide/orgs_account_close_policy.md
+++ b//organizations/latest/userguide/orgs_account_close_policy.md
@@ -28 +28 @@ Service Control Policies (SCPs) don't affect IAM principals in the management ac
-The following code examples show two different methods you can use to restrict member accounts from closing their account.
+The following code examples show different methods you can use to restrict member accounts from closing their account.
@@ -71,0 +72,20 @@ You can attach the following policy to an identity in your management account. T
+Prevent member accounts from closure with AWS Organizations
+    
+
+You can attach the following policy to an identity in your management account. This policy prevents principals in the management account from closing any member account by denying both the `account:CloseAccount` and `organizations:CloseAccount` actions.
+    
+    
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Deny",
+                "Action": [
+                    "account:CloseAccount",
+                    "organizations:CloseAccount"
+                    ],
+                "Resource": "*"
+            }
+        ]
+    }
+