AWS Security ChangesHomeSearch

AWS organizations medium security documentation change

Service: organizations · 2026-07-13 · Security-related medium

File: organizations/latest/userguide/orgs_troubleshoot.md

Summary

Added troubleshooting section for missing default security controls and explained manual recovery process.

Security assessment

Directly addresses security control failure scenario where SCPs might not apply automatically, which could allow account leaving/closing. Documents both the vulnerability (intermittent errors) and remediation.

Diff

diff --git a/organizations/latest/userguide/orgs_troubleshoot.md b/organizations/latest/userguide/orgs_troubleshoot.md
index 6f29fb57e..803a6bc48 100644
--- a//organizations/latest/userguide/orgs_troubleshoot.md
+++ b//organizations/latest/userguide/orgs_troubleshoot.md
@@ -36,0 +37,2 @@ Use the information here to help you diagnose and fix access-denied or other com
+  * I don't see default security controls after creating my organization
+
@@ -123,0 +126,6 @@ For more information about how some other AWS services are affected by this, con
+### I don't see default security controls after creating my organization
+
+When you create an organization through the AWS Organizations console, AWS Organizations automatically enables service control policies (SCPs) and attaches a default SCP to the root. This default SCP denies the `organizations:LeaveOrganization` and `account:CloseAccount` actions. In rare cases, an intermittent error might prevent this automatic process from completing.
+
+If you don't see the default SCP attached to your organization root, for instructions on how to manually configure the recommended security controls, see [Default security controls in AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_default_controls.html).
+
@@ -130 +138 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Infrastructure security
+Resilience