Managing organization policies with AWS Organizations
Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization. You can use policies when all features are enabled in your organization.
The AWS Organizations console displays the enabled or disabled status for each policy type. On the Organize accounts tab, choose the Root in the left navigation pane. The details pane on the right side of the screen shows all of the available policy types. The list indicates which are enabled and which are disabled in that organization root. If the option to Enable a type is present, that type is currently disabled. If the option to Disable a type is present, that type is currently enabled.
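An added example (not from the AWS documentation) of reading the same enabled or disabled status outside the console: it interprets the JSON returned by `aws organizations describe-organization` and `aws organizations list-roots`. The sample responses are constructed, and the `DISABLED` and `UNAVAILABLE` labels are this example's own, because ListRoots reports only policy types that are enabled or changing state.

```python
import json

# The five policy types this page lists, by their Organizations API names.
POLICY_TYPES = (
    "SERVICE_CONTROL_POLICY",
    "BACKUP_POLICY",
    "TAG_POLICY",
    "CHATBOT_POLICY",
    "AISERVICES_OPT_OUT_POLICY",
)

# Constructed sample responses (not real account data), shaped like the output
# of `aws organizations describe-organization` and `aws organizations list-roots`.
SAMPLE_ORG = json.loads('{"Organization": {"Id": "o-exampleorgid", "FeatureSet": "ALL"}}')
SAMPLE_ROOTS = json.loads("""
{"Roots": [{"Id": "r-examplerootid", "Name": "Root",
  "PolicyTypes": [
    {"Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED"},
    {"Type": "TAG_POLICY", "Status": "PENDING_ENABLE"}
  ]}]}
""")


def policy_type_status(org, roots):
    """Map each policy type to ENABLED, a pending state, or DISABLED.

    ListRoots reports only types that are enabled or changing state, so a
    type missing from PolicyTypes is labelled DISABLED (this example's label).
    """
    if org["Organization"].get("FeatureSet") != "ALL":
        # Policies need all features; UNAVAILABLE is this example's label.
        return {t: "UNAVAILABLE" for t in POLICY_TYPES}
    root = roots["Roots"][0]  # an organization has a single root
    reported = {p["Type"]: p["Status"] for p in root.get("PolicyTypes", [])}
    return {t: reported.get(t, "DISABLED") for t in POLICY_TYPES}


def audit_findings(status):
    """Return the policy types that are not fully enabled, for review."""
    return sorted(t for t, s in status.items() if s != "ENABLED")


if __name__ == "__main__":
    status = policy_type_status(SAMPLE_ORG, SAMPLE_ROOTS)
    for policy_type, state in status.items():
        print(f"{policy_type:28} {state}")
    print("Not enabled:", ", ".join(audit_findings(status)))
```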
Topics
- Policy types
- Service control policies (SCPs)
- Management policies
- Delegated administrator for AWS Organizations
- Enabling a policy type
- Disabling a policy type
- Creating organization policies with AWS Organizations
- Updating organization policies with AWS Organizations
- Editing tags attached to organization policies with AWS Organizations
- Attaching organization policies with AWS Organizations
- Detaching organization policies with AWS Organizations
- Getting information about your organization's policies
- Deleting organization policies with AWS Organizations
Policy types
Organizations offers policy types in the following two broad categories:
Authorization policies
Authorization policies help you to centrally manage the security of AWS accounts across an organization.
- Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.
Management policies
Management policies help you centrally configure and manage AWS services and their features across an organization.
- Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts.
- Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts.
- Chatbot policies enable you to control access to your organization's accounts from chat applications such as Slack and Microsoft Teams.
- AI services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts.
The following table summarizes some of the characteristics of each policy type. For additional characteristics about these policy types, see Quotas and service limits for AWS Organizations.
Policy type | Affects management account | Maximum number you can attach to a root, OU, or account | Maximum size | Supports viewing effective policy for OU or account |
---|---|---|---|---|
SCP | | 5 | 5120 characters | |
Backup policy | | 10 | 10,000 characters | |
Tag policy | | 10 | 10,000 characters | |
Chatbot policy | | 5 | 10,000 characters | |
AI services opt-out policy | | 5 | 2500 characters | |