AWS Organizations
User Guide

AWS Managed Policies Available for Use with AWS Organizations

This section identifies the AWS-managed policies provided for your use to manage your administration. You can't modify or delete an AWS managed policy, but you can attach or detach them to entities in your organization as needed.

AWS Organizations Managed Service Control Policies

Service control policies (SCPs) are similar to IAM permission policies, but are a feature of AWS Organizations rather than IAM. You use SCPs to specify maximum permissions for affected entities. You can attach SCPs to roots, organizational units (OUs), or accounts in your organization. You can create your own, or you can use the policies that IAM defines. You can see the list of policies in your organization on the Policies page on the Organizations console.


Every root, OU, and account must have at least one SCP attached at all times.

Policy Name Description ARN
FullAWSAccess Provides AWS Organizations master account access to member accounts. arn:aws:iam::aws:policy/AWSFullAccess