Using Data Exports with Amazon Organizations
Data Exports can work with Amazon Organizations so that management accounts can generate exports with data for all accounts in your organization. Member accounts can also create data exports, but these exports only contain the billing and cost management data for that specific member account. The settings that control whether the management account receives data for all member accounts varies across the Data Exports tables. Refer to the following sections for information about how it is determined whether to include member account data for each table.
The IAM policies that allow or restrict the ability to create an export are the same for both management and member accounts.
If you are an administrator of an Amazon Organizations management account and you don’t want member accounts to create an export, you can apply a service control policy (SCP) that prevents member accounts from creating exports. While the SCP prevents member accounts from creating new exports, it doesn’t delete previously created exports.
Note
SCPs apply only to member accounts. To prevent a management account from creating an export, modify the IAM policies attached to the user roles in the management account.