AWS organizations documentation change
Summary
Restructured EC2 policies getting started guide with new sections (Prerequisites, Procedure, Additional resources), updated step numbering, clarified trusted access requirements, and improved formatting
Security assessment
Changes are organizational/editorial improvements without addressing specific vulnerabilities. Minor security-related clarification about the read-only service-linked role for account status reports is existing functionality, not new security documentation. No evidence of patching vulnerabilities or addressing incidents.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md b/organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md index 4377c6e51..2760b8a67 100644 --- a//organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md +++ b//organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md @@ -6,0 +7,2 @@ +PrerequisitesProcedureAdditional resources + @@ -9 +11,3 @@ -Follow these steps to get started using EC2 policies. +EC2 policies let you enforce declarative configurations across accounts in your organization. This topic walks you through the steps to enable, create, and attach EC2 policies. + +## Prerequisites @@ -11 +15 @@ Follow these steps to get started using EC2 policies. - 1. [Learn about the permissions you must have to perform declarative policy tasks](./orgs_manage_policies_prereqs.html). +Before you begin, make sure you have the required permissions to perform declarative policy tasks. For more information, see [Prerequisites for managing declarative policies](./orgs_manage_policies_prereqs.html). @@ -13 +17,5 @@ Follow these steps to get started using EC2 policies. - 2. [Enable EC2 policies for your organization](./enable-policy-type.html). +## Procedure + +For all of these steps, you sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization's management account. + + 1. [Enable EC2 policies for your organization](./enable-policy-type.html). @@ -17 +25 @@ Follow these steps to get started using EC2 policies. -**Enabling trust access is required** +**Enabling trusted access is required** @@ -19 +27 @@ Follow these steps to get started using EC2 policies. -You must enable trusted access for Amazon EC2. This creates a read-only service-linked role that is used to generate the account status report of what the existing configuration is for accounts across your organization. +You must enable trusted access for Amazon EC2. This creates a read-only service-linked role that generates the account status report of the current configuration for accounts in your organization. @@ -23 +31 @@ You must enable trusted access for Amazon EC2. This creates a read-only service- -If you use the Organizations console, this step is a part of the process for enabling EC2 policies. +If you use the Organizations console, enabling trusted access is part of the process for enabling EC2 policies. @@ -27,3 +35 @@ If you use the Organizations console, this step is a part of the process for ena -If you use the AWS CLI, there are two separate APIs: - - * [EnablePolicyType](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html), which you use to enable EC2 policies. +If you use the AWS CLI, use two separate operations: @@ -31 +37 @@ If you use the AWS CLI, there are two separate APIs: - * [EnableAWSServiceAccess](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html), which you use to enable trusted access. + * [EnablePolicyType](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html) – Enables EC2 policies. @@ -33 +39 @@ If you use the AWS CLI, there are two separate APIs: -For more information on how to enable trusted access for a specific service with the AWS CLI see, [AWS services that you can use with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). + * [EnableAWSServiceAccess](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html) – Enables trusted access. @@ -35 +41 @@ For more information on how to enable trusted access for a specific service with - 3. [Run the account status report](./orgs_manage_policies_ec2_status-report.html). +For more information about how to enable trusted access for a specific service with the AWS CLI, see [AWS services that you can use with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). @@ -37 +43 @@ For more information on how to enable trusted access for a specific service with - 4. [Create an EC2 policy](./orgs_policies_create.html). + 2. [Run the account status report](./orgs_manage_policies_ec2_status-report.html). @@ -39 +45 @@ For more information on how to enable trusted access for a specific service with - 5. [Attach the EC2 policy to your organization's root, OU, or account](./orgs_policies_attach.html). + 3. [Create an EC2 policy](./orgs_policies_create.html). @@ -41 +47 @@ For more information on how to enable trusted access for a specific service with - 6. [View the combined effective EC2 policy that applies to an account](./orgs_manage_policies_effective.html). + 4. [Attach the EC2 policy to your organization's root, OU, or account](./orgs_policies_attach.html). @@ -42,0 +49 @@ For more information on how to enable trusted access for a specific service with + 5. [View the combined effective EC2 policy that applies to an account](./orgs_manage_policies_effective.html). @@ -46 +52,0 @@ For more information on how to enable trusted access for a specific service with -For all of these steps, you sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization's management account. @@ -48 +54 @@ For all of these steps, you sign in as an IAM user, assume an IAM role, or sign -###### Other information +## Additional resources @@ -50 +56 @@ For all of these steps, you sign in as an IAM user, assume an IAM role, or sign - * [Learn EC2 policy syntax and see example policies](./orgs_manage_policies_ec2_syntax.html) + * [EC2 policy syntax and examples](./orgs_manage_policies_ec2_syntax.html)