This section identifies the AWS-managed policies provided for your use to manage your organization. You can't modify or delete an AWS managed policy, but you can attach or detach them to entities in your organization as needed.
AWS Organizations managed policies for use with
AWS Identity and Access Management (IAM)
An IAM managed policy is provided and maintained by AWS. A managed policy provides permissions for common tasks that you can assign to your users by attaching the managed policy to the appropriate IAM user or role object. You don't have to write the policy yourself, and when AWS updates the policy as appropriate to support new services, you automatically and immediately get the benefit of the update.
You can see the list of
AWS managed policies in Policies
You can use the following managed policies to grant permissions to users in your organization.
AWS managed policy: AWSOrganizationsFullAccess
Provides all of the permissions required to create and fully administer an organization.
View the policy: AWSOrganizationsFullAccess
.
AWS managed policy: AWSOrganizationsReadOnlyAccess
Provides read only access to information about the organization. It doesn't permit the user to make any changes.
View the policy:
AWSOrganizationsReadOnlyAccess
.
AWS managed policy: DeclarativePoliciesEC2Report
This policy is used by the AWSServiceRoleForDeclarativePoliciesEC2Report service-linked role to enable it to describe account attribute states for member accounts.
View the policy: DeclarativePoliciesEC2Report.
Updates to Organizations AWS managed
policies
The following table details updates to AWS managed policies since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document History page.
Change | Description | Date |
---|---|---|
DeclarativePoliciesEC2Report |
Added the |
November 22, 2024 |
AWSOrganizationsReadOnlyAccess |
Added the |
June 6, 2024 |
AWSOrganizationsFullAccess |
Added |
February 6, 2024 |
AWSOrganizationsReadOnlyAccess |
Added |
February 6, 2024 |
AWSOrganizationsFullAccess |
Added the |
December 22, 2022 |
AWSOrganizationsReadOnlyAccess |
Added the |
December 22, 2022 |
AWSOrganizationsFullAccess |
Added the |
October 21, 2022 |
AWSOrganizationsReadOnlyAccess |
Added the |
October 21, 2022 |
AWSOrganizationsFullAccess |
Added the |
August 24, 2022 |
AWSOrganizationsFullAccess |
Added the |
February 7, 2022 |
AWSOrganizationsReadOnlyAccess |
Added the |
February 7, 2022 |
AWS managed authorization
policies
Authorization policies are similar to IAM permission policies, but are a feature of AWS Organizations rather than IAM. You use authorization policies to centrally configure and manage access for principals and resources in your member accounts.
You can see the list of
policies in your organization on the Policies
Policy name | Description | ARN |
---|---|---|
FullAWSAccess |
Allows access to every operation. | arn:aws:organizations::aws:policy/service_control_policy/p-FullAWSAccess |
RCPFullAWSAccess |
Allows access to every resource. | arn:aws:organizations::aws:policy/resource_control_policy/p-RCPFullAWSAccess |