AWS – AWS Organizations supports full IAM policy language for service control policies (SCPs)
AWS Organizations now offers full IAM policy language support for service control policies (SCPs), enabling you to write SCPs with the same flexibility as IAM managed policies. With this launch, SCPs support the use of conditions, individual resource ARNs, and the NotAction element in Allow statements. Additionally, you can now use wildcards at the beginning or in the middle of Action element strings, and you can use the NotResource element.
With these policy language enhancements, you can now create more concise and precise policies to implement sophisticated permissions guardrails across your organization. For example, you can restrict access to specific resources with condition statements. The enhanced functionality maintains backward compatibility with existing SCPs, so no changes to current policies are required.
This feature is now available in all AWS commercial and AWS GovCloud (US) Regions.
To learn more about the enhanced SCP capabilities, see the service control policies section of the AWS Organizations User Guide and the AWS blog.