AWS Organizations supports full IAM policy language for service control policies (SCPs)
News
AWS Organizations now supports full IAM policy language for service control policies (SCPs), offering enhanced flexibility and control over organizational permissions.
- SCPs now support conditions, individual resource ARNs, and NotAction element with Allow statements
- Allows use of wildcards in Action element strings and NotResource element
- Enables more precise and concise permissions guardrails across an organization
- Can restrict access to specific resources using condition statements
- Maintains backward compatibility with existing SCPs
- Available in all AWS commercial and AWS GovCloud (US) Regions
This enhancement provides administrators with more granular control over permissions and resource access in AWS Organizations.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Sep 19
2025
2025
Unlock new possibilities: AWS Organizations service control policy now supports full IAM language
May 15
2026
2026
AWS Organizations now supports higher quotas for service control policies (SCPs)
Sep 8
2025
2025
AWS Config now supports resource tags for IAM Policies
Dec 1
2025
2025
AWS announces IAM Policy Autopilot to help builders generate IAM policies from code
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.