Viewing effective AI services opt-out policies
Determine the effective Artificial Intelligence (AI) services opt-out policy for an account in your organization.
What is the effective AI services opt-out policy?
The effective AI services opt-out policy specifies the final rules that apply to an AWS account. It is the aggregation of any AI services opt-out policies that the account inherits, plus any AI services opt-out policies that are directly attached to the account. When you attach an AI services opt-out policy to the organization's root, it applies to all accounts in your organization. When you attach an AI services opt-out policy to an OU, it applies to all accounts and OUs that belong to the OU. When you attach a policy directly to an account, it applies only to that one AWS account.
For example, the AI services opt-out policy attached to the organization root might specify that all accounts in the organization opt out of content use by all AWS machine learning services. A separate AI services opt-out policy attached directly to one member account specifies that it opts in to content use for only Amazon Rekognition. The combination of these AI services opt-out policies comprises the effective AI services opt-out policy. The result is that all accounts in the organization are opted out of all AWS services, with the exception of one account that opts in to Amazon Rekognition.
For information about how policies are combined into the final effective policy, see Understanding management policy inheritance.
How to view the effective AI services opt-out policy
You can view the effective AI services opt-out policy for an account from the AWS Management Console, AWS API, or AWS Command Line Interface.
Minimum permissions
To view the effective AI services opt-out policy for an account, you must have permission to run the following actions:
-
organizations:DescribeEffectivePolicy
-
organizations:DescribeOrganization
– required only when using the Organizations console