AWS Security ChangesHomeSearch

AWS organizations documentation change

Service: organizations · 2026-05-22 · Documentation low

File: organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md

Summary

Restructured EC2 policies getting started guide with new sections (Prerequisites, Procedure, Additional resources), updated step numbering, clarified trusted access requirements, and improved formatting

Security assessment

Changes are organizational/editorial improvements without addressing specific vulnerabilities. Minor security-related clarification about the read-only service-linked role for account status reports is existing functionality, not new security documentation. No evidence of patching vulnerabilities or addressing incidents.

Diff

diff --git a/organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md b/organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md
index 4377c6e51..2760b8a67 100644
--- a//organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md
+++ b//organizations/latest/userguide/orgs_manage_policies-ec2_getting-started.md
@@ -6,0 +7,2 @@
+PrerequisitesProcedureAdditional resources
+
@@ -9 +11,3 @@
-Follow these steps to get started using EC2 policies.
+EC2 policies let you enforce declarative configurations across accounts in your organization. This topic walks you through the steps to enable, create, and attach EC2 policies.
+
+## Prerequisites
@@ -11 +15 @@ Follow these steps to get started using EC2 policies.
-  1. [Learn about the permissions you must have to perform declarative policy tasks](./orgs_manage_policies_prereqs.html).
+Before you begin, make sure you have the required permissions to perform declarative policy tasks. For more information, see [Prerequisites for managing declarative policies](./orgs_manage_policies_prereqs.html).
@@ -13 +17,5 @@ Follow these steps to get started using EC2 policies.
-  2. [Enable EC2 policies for your organization](./enable-policy-type.html).
+## Procedure
+
+For all of these steps, you sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization's management account.
+
+  1. [Enable EC2 policies for your organization](./enable-policy-type.html).
@@ -17 +25 @@ Follow these steps to get started using EC2 policies.
-**Enabling trust access is required**
+**Enabling trusted access is required**
@@ -19 +27 @@ Follow these steps to get started using EC2 policies.
-You must enable trusted access for Amazon EC2. This creates a read-only service-linked role that is used to generate the account status report of what the existing configuration is for accounts across your organization.
+You must enable trusted access for Amazon EC2. This creates a read-only service-linked role that generates the account status report of the current configuration for accounts in your organization.
@@ -23 +31 @@ You must enable trusted access for Amazon EC2. This creates a read-only service-
-If you use the Organizations console, this step is a part of the process for enabling EC2 policies.
+If you use the Organizations console, enabling trusted access is part of the process for enabling EC2 policies.
@@ -27,3 +35 @@ If you use the Organizations console, this step is a part of the process for ena
-If you use the AWS CLI, there are two separate APIs:
-
-     * [EnablePolicyType](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html), which you use to enable EC2 policies.
+If you use the AWS CLI, use two separate operations:
@@ -31 +37 @@ If you use the AWS CLI, there are two separate APIs:
-     * [EnableAWSServiceAccess](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html), which you use to enable trusted access.
+     * [EnablePolicyType](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html) – Enables EC2 policies.
@@ -33 +39 @@ If you use the AWS CLI, there are two separate APIs:
-For more information on how to enable trusted access for a specific service with the AWS CLI see, [AWS services that you can use with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
+     * [EnableAWSServiceAccess](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html) – Enables trusted access.
@@ -35 +41 @@ For more information on how to enable trusted access for a specific service with
-  3. [Run the account status report](./orgs_manage_policies_ec2_status-report.html).
+For more information about how to enable trusted access for a specific service with the AWS CLI, see [AWS services that you can use with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
@@ -37 +43 @@ For more information on how to enable trusted access for a specific service with
-  4. [Create an EC2 policy](./orgs_policies_create.html).
+  2. [Run the account status report](./orgs_manage_policies_ec2_status-report.html).
@@ -39 +45 @@ For more information on how to enable trusted access for a specific service with
-  5. [Attach the EC2 policy to your organization's root, OU, or account](./orgs_policies_attach.html).
+  3. [Create an EC2 policy](./orgs_policies_create.html).
@@ -41 +47 @@ For more information on how to enable trusted access for a specific service with
-  6. [View the combined effective EC2 policy that applies to an account](./orgs_manage_policies_effective.html).
+  4. [Attach the EC2 policy to your organization's root, OU, or account](./orgs_policies_attach.html).
@@ -42,0 +49 @@ For more information on how to enable trusted access for a specific service with
+  5. [View the combined effective EC2 policy that applies to an account](./orgs_manage_policies_effective.html).
@@ -46 +52,0 @@ For more information on how to enable trusted access for a specific service with
-For all of these steps, you sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization's management account.
@@ -48 +54 @@ For all of these steps, you sign in as an IAM user, assume an IAM role, or sign
-###### Other information
+## Additional resources
@@ -50 +56 @@ For all of these steps, you sign in as an IAM user, assume an IAM role, or sign
-  * [Learn EC2 policy syntax and see example policies](./orgs_manage_policies_ec2_syntax.html)
+  * [EC2 policy syntax and examples](./orgs_manage_policies_ec2_syntax.html)