AWS Organizations now offers full IAM policy language support for service control policies (SCPs), enabling you to write SCPs with the same flexibility as IAM managed policies. With this launch, SCPs now support use of conditions, individual resource ARNs, and the NotAction element with Allow statements. Additionally, you can now use wildcards at the beginning or middle of Action element strings and the NotResource element.
With these policy language enhancements, you can now create more concise and precise policies to implement sophisticated permissions guardrails across your organization. For example, you can restrict access to specific resources with condition statements. The enhanced functionality maintains backward compatibility with existing SCPs, so no changes to current policies are required.
This feature is now available in all AWS commercial and AWS GovCloud (US) Regions.
To learn more about the enhanced SCP capabilities, see service control policies in the AWS Organizations User Guide and AWS blog.
Categories: general:products/aws-organizations,general:products/aws-govcloud-us,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- Updates available for Microsoft 365 Apps for Current Channel [MC1255412]
- Publishing InfoPath Forms in SharePoint Online will not be allowed for all tenants [MC1255407]
- (Updated) Set a custom name for the OneDrive sync folder [MC1242782]
- Lists as a knowledge source for agents in SharePoint and OneDrive [MC1255409]
![(Updated) Microsoft 365 Copilot | PowerPoint now supports enterprise image libraries via SharePoint OAL or Templafy [MC1120269]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-207489-150x150.webp "(Updated) Microsoft 365 Copilot | PowerPoint now supports enterprise image libraries via SharePoint OAL or Templafy [MC1120269] 6")
![(Updated) Microsoft Teams: New user setting to view incoming calls in a small window [MC1045221]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-pixabay-144243-96x96.webp "(Updated) Microsoft Teams: New user setting to view incoming calls in a small window [MC1045221] 7")