Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization. You can use policies when all features are enabled in your organization.
The AWS Organizations console displays the enabled or disabled status for each policy type. On the Organize accounts tab, choose the Root in the left navigation pane. The details pane on the right side of the screen shows all of the available policy types. The list indicates which are enabled and which are disabled in that organization root. If the option to Enable a type is present, that type is currently disabled. If the option to Disable a type is present, that type is currently enabled.
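The same status can be read from the Organizations API instead of the console. The following is an added example, not part of the original page: it parses a constructed response shaped like the output of `aws organizations list-roots`, where only enabled (or pending) types are listed, so a type that is absent is disabled. The root ID, the `DISABLED` label and the choice of "required" types are assumptions of this example.

```python
import json

# Policy type identifiers used by the Organizations API, mapped to the names
# used on this page (the mapping is this example's own labelling).
KNOWN_TYPES = {
    "SERVICE_CONTROL_POLICY": "SCP",
    "RESOURCE_CONTROL_POLICY": "RCP",
    "DECLARATIVE_POLICY_EC2": "Declarative policy",
    "BACKUP_POLICY": "Backup policy",
    "TAG_POLICY": "Tag policy",
    "CHATBOT_POLICY": "Chat applications policy",
    "AISERVICES_OPT_OUT_POLICY": "AI services opt-out policy",
    "SECURITYHUB_POLICY": "Security Hub policy",
}

# Constructed sample shaped like `aws organizations list-roots` output.
SAMPLE = json.loads("""
{"Roots": [{"Id": "r-ex01", "Name": "Root", "PolicyTypes": [
    {"Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED"},
    {"Type": "TAG_POLICY", "Status": "ENABLED"},
    {"Type": "RESOURCE_CONTROL_POLICY", "Status": "PENDING_ENABLE"}
]}]}
""")

def policy_type_status(list_roots_response):
    """Return {root_id: {policy_type: status}} for every known type."""
    report = {}
    for root in list_roots_response.get("Roots", []):
        listed = {pt["Type"]: pt["Status"] for pt in root.get("PolicyTypes", [])}
        # "DISABLED" is this example's label for a type the API does not list.
        status = {t: listed.get(t, "DISABLED") for t in KNOWN_TYPES}
        # Keep types this script does not know, so new ones are not dropped.
        for t, s in listed.items():
            status.setdefault(t, s)
        report[root["Id"]] = status
    return report

def missing_required(report, required=("SERVICE_CONTROL_POLICY",
                                       "RESOURCE_CONTROL_POLICY")):
    """List (root_id, type) pairs where a required type is not fully ENABLED."""
    return [(rid, t) for rid, st in report.items()
            for t in required if st.get(t) != "ENABLED"]

if __name__ == "__main__":
    report = policy_type_status(SAMPLE)
    for rid, st in report.items():
        for t, s in st.items():
            print(f"{rid}  {KNOWN_TYPES.get(t, t):28} {s}")
    print("not enabled:", missing_required(report))
```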
Organizations offers policy types in the following two broad categories:
Authorization policies help you to centrally manage the security of AWS accounts across an organization.
Management policies help you centrally configure and manage AWS services and their features across an organization.
Declarative policies allow you to centrally declare and enforce desired configurations for a given AWS service at scale across an organization. Once attached, the configuration is always maintained when the service adds new features or APIs.
Backup policies allow you to centrally manage and apply backup plans to the AWS resources across an organization's accounts.
Tag policies allow you to standardize the tags attached to the AWS resources in an organization's accounts.
Chat applications policies allow you to control access to an organization's accounts from chat applications such as Slack and Microsoft Teams.
AI services opt-out policies allow you to control data collection for AWS AI services for all the accounts in an organization.
Security Hub policies allow you to address security coverage gaps in a way that aligns with your organization's security requirements and to centrally apply them across an organization.
The following table summarizes some of the characteristics of each policy type. For additional characteristics about these policy types, see Quotas and service limits for AWS Organizations.
| Policy type | Policy category | Affects management account | Maximum number you can attach to a root, OU, or account | Maximum size | Supports viewing effective policy for OU or account |
|---|---|---|---|---|---|
| SCP | Authorization | No | 5 | 5120 characters | No |
| RCP | Authorization | No | 5 | 5120 characters | No |
| Declarative policy | Management | Yes | 10 | 10,000 characters | Yes |
| Backup policy | Management | Yes | 10 | 10,000 characters | Yes |
| Tag policy | Management | Yes | 10 | 10,000 characters | Yes |
| Chat applications policy | Management | Yes | 5 | 10,000 characters | Yes |
| AI services opt-out policy | Management | Yes | 5 | 2500 characters | Yes |
| Security Hub policy | Management | Yes | 10 | 10,000 characters | Yes |