Managing AWS Organizations policies - AWS Organizations

Managing AWS Organizations policies

Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization. You can use policies when all features are enabled in your organization.

The AWS Organizations console displays the enabled or disabled status for each policy type. On the Organize accounts tab, choose the Root in the left navigation pane. The details pane on the right side of the screen shows all of the available policy types. The list indicates which are enabled and which are disabled in that organization root. If the option to Enable a type is present, that type is currently disabled. If the option to Disable a type is present, that type is currently enabled.

Policy types

Organizations offers policy types in the following two broad categories:

Authorization policies

Authorization policies help you to centrally manage the security of the AWS accounts in your organization.

Management policies

Management policies enable you to centrally configure and manage AWS services and their features.

The following table summarizes some of the characteristics of each policy type:

Policy type Affects master account Maximum number you can attach to a root, OU, or account Maximum size Supports viewing effective policy for OU or account
SCP No 5 5120 bytes No
AI services opt-out policy Yes 5 2500 characters Yes
Backup policy Yes 10 10,000 characters Yes
Tag policy Yes 5 2500 characters Yes

Using policies in your organization