Document history for Amazon Organizations - Amazon Organizations
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Document history for Amazon Organizations

The following table describes major documentation updates for Amazon Organizations.

  • API version: 2016-11-28

  • Latest documentation update: September 26, 2024

ChangeDescriptionDate

Added chatbot policies

You can use chatbot policies to control access to your organization's accounts from chat applications such as Slack and Microsoft Teams.

September 26, 2024

Scenario-driven content updates

The Amazon Organizations documentation was updated to be more scenario-driven throughout the entire guide and content was reorganized to improve readability and discovery. If you have feedback on these changes, use the Provide feedback button at the bottom of a page.

September 4, 2024

New opt out from all AI services topic

Added documentation about how opt out from all supported Amazon AI services.

August 16, 2024

Organizations now supports 10,000 accounts in an organization

You can now manage up to 10,000 member accounts in an organization, doubling the previous limit of 5,000 accounts. If you have a valid requirement and business need, you can request and be approved for a 10,000 account quota without service limit checks from Organizations or other integrated Amazon Web Services services.

August 14, 2024

New account migration topic

Added documentation about how to migrate an account from one organization to another.

August 1, 2024

Updated Backup policies

Amazon Backup policies now support Amazon Elastic Block Store (Amazon EBS) snapshot archives. For updated examples, see Updating a backup policy and Backup policy syntax and examples.

July 9, 2024

Updated the AWSOrganizationsReadOnlyAccess managed policy

Added the account:GetPrimaryEmail action to the AWSOrganizationsReadOnlyAccess policy which enables access to view the root user email address for any member account in an organization and added the account:GetRegionOptStatusaction to enable access to view the enabled Regions for any member account in an organization.

June 6, 2024

New update root user email address topic

Organizations now provides the capability to centrally update the root user email address for any member account in an organization.

June 6, 2024

Updated policy statements

Added new Sid elements to the Amazon Organizations managed policy statements.

February 6, 2024

New close management account topic

Added links to considerations and detailed steps that walk through how to close a management account.

February 1, 2024

Updated best practices

Added new information to the best practices section to help align with IAM best practices.

June 12, 2023

Updated the AWSOrganizationsFullAccess and AWSOrganizationsReadOnlyAccess managed policies

Both managed policies were updated to enable write or read access to contacts for accounts.

October 21, 2022

Updated the AWSOrganizationsFullAccess managed policy

The managed policy was updated to allow creating an organization by adding the permission required to create the service linked role needed by a new organization.

August 24, 2022

Organizations close account capability from the Amazon Organizations console

Principals in the management account can close member accounts from the Amazon Organizations console, and protect member accounts from accidental closure by using IAM policies.

March 29, 2022

Updated announcement to update alternate contacts with Amazon Organizations console

Organizations now provides ability to update alternate contacts for accounts within your organization using the Amazon Organizations console. Announce new capability and points to Account Management Reference for instructions.

February 8, 2022

Organizations managed policy updates - Update to an existing policy

Updated the AWSOrganizationsFullAccess and AWSOrganizationsReadOnlyAccess managed policies to allow account API permissions required to update or view account alternate contacts via the Amazon Organizations console.

February 7, 2022

Organizations integration with Amazon DevOps Guru

You can integrate Amazon DevOps Guru with Amazon Organizations to monitor application health holistically across all of your organization accounts and gain insights.

January 3, 2022

Organizations integration with Amazon Detective

You can integrate Amazon Detective with Amazon Organizations to ensure that your Detective behavior graph provides visibility into the activity for all of your organization accounts.

December 16, 2021

Organizations integration with Amazon Config now supports multi-account multi-region data aggregation.

You can use a delegated administrator account to aggregate resource configuration and compliance data from all of the member accounts your organization. For more information, see Multi-account multi-region data aggregationin the Amazon Config Developer Guide.

June 16, 2021

Organizations integration with Amazon Firewall Manager now includes support for a delegated administrator

You can now designate a member account in your organization to be the Firewall Manager administrator for the entire organization. This allows for better separation of permissions from the organization's management account.

April 30, 2021

Organizations backup policies now support continuous backup

You can use the Amazon Backup continuous backups feature with your organization's backup policies.

March 10, 2021

Organizations integration with Amazon CloudFormation StackSets now includes support for a delegated administrator

You can now designate a member account in your organization to be the Amazon CloudFormation StackSets administrator for the entire organization. This allows for better separation of permissions from the organization's management account.

February 18, 2021

Continue inviting accounts while you enable all features

Amazon updated the process to enable all features in an organization. You can now continue to invite new accounts to join your organization while you wait for existing accounts to respond to their invitations.

February 3, 2021

Introduces version 2.0 of the Amazon Organizations console

Amazon introduced a new version of the Amazon console. All of the documentation has been updated to reflect the new way of performing tasks.

January 21, 2021

Organizations now supports integration with Amazon Web Services Marketplace

You can now enable Amazon Web Services Marketplace to more easily share your software licenses across all of the accounts in your organization.

December 3, 2020

Organizations now supports integration with Amazon S3 Lens

Amazon S3 Lens supports both trusted access and delegated administrator with Organizations. For details, see Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide.

November 18, 2020

Cross-account backup copies

When you use backup policies to backup the resources in your organization, you can now store copies of your backup in other Amazon Web Services accounts in the organization.

November 18, 2020

Amazon Web Services Regions in China now support Amazon Resource Access Manager as an Organizations trusted service

You can now use Amazon RAM features that integrate with Organizations as a trusted service when you use Organizations and Amazon RAM in China.

November 18, 2020

Organizations now supports integration with Amazon Security Hub

You can enable Security Hub across all of the accounts in your organization, and designate one of your organization's member accounts as the delegated administrator account for Security Hub.

November 12, 2020

Renamed the master account

Amazon Organizations changed the name of the “master account” to “management account”. This is a name change only, and there is no change in functionality.

October 20, 2020

New Best Practices section and topics

Added a new section for best practices for Amazon Organizations. The new section includes topics that discuss best practices for the management account and member account root users and password management.

October 6, 2020

Added new best practices section and first two pages

There is a new section for topics that describe best practices for Amazon Organizations. This update includes a topic for best practices for an organization's management account and a topic for best practices for member accounts.

October 2, 2020

Organizations backup policies now support application-consistent backups on Windows EC2 instances by using VSS (Volume Shadow Copy Service)

Backup policies support a new advanced_backup_settings" section. The first entry in this new section is an ec2 setting called WindowsVSS that you can enable or disable. For details, see Creating a VSS-Enabled Windows Backup in the Amazon Backup Developer Guide.

September 24, 2020

Organizations supports tag-on-create and tag-based access control

You can add tags to Organizations resources when you create them. You can use tag policies to standardize tag usage on Organizations resources. You can use IAM policies to restrict access to only resources that have specified tag keys and values.

September 15, 2020

Added Amazon Health as a trusted service

You can aggregate Amazon Health events across accounts in your organization.

August 4, 2020

Artificial Intelligence (AI) services opt-out policies

You can use AI services opt-out policies to control whether Amazon AI services may store and use customer content processed by those services (AI content) for the development and continuous improvement of Amazon AI services and technologies.

July 8, 2020

Added backup policies and integration with Amazon Backup

You can use backup policies to create and enforce backup policies across all of the accounts in your organization.

June 24, 2020

Support delegated administration for IAM Access Analyzer

Enables you to delegate administrative access for Access Analyzer in your organization to a designated member account.

March 30, 2020

Integration with Amazon CloudFormation StackSets

You can create a service-managed stack set to deploy stack instances to accounts managed by Amazon Organizations.

February 11, 2020

Integration with Compute Optimizer

Compute Optimizer was added as a service that can work with accounts in your organization.

February 4, 2020

Tag policies

You can use tag policies to help standardize tags across resources in your organization's accounts.

November 26, 2019

Integration with Systems Manager

You can synchronize operations data across all Amazon Web Services accounts in your organization in Systems Manager Explorer.

November 26, 2019

aws:PrincipalOrgPaths

New global condition key checks the Amazon Organizations path for the IAM user, IAM role, or Amazon Web Services account root user who is making the request.

November 20, 2019

Integration with Amazon Config rules

You can use Amazon Config API operations to manage Amazon Config rules across all Amazon Web Services accounts in your organization.

July 8, 2019

New service for trusted access

Service Quotas added as a service that can work with the accounts in your organization.

June 24, 2019

Integration with Amazon Control Tower

Amazon Control Tower added as a service that can work with the accounts in your organization.

June 24, 2019

Integration with Amazon Identity and Access Management

IAM provides service last accessed data for your organization's entities (the organization root, OUs, and accounts). You can use this data to restrict access to only the Amazon Web Services services that you need.

June 20, 2019

Tagging accounts

You can tag and untag accounts in your organization and view tags on an account in your organization.

June 6, 2019

Resources, conditions, and the NotAction element in service control policies (SCPs)

You can now specify resources, conditions, and the NotAction element in SCPs to deny access across accounts in your organization or organizational unit (OU).

March 25, 2019

New services for trusted access

Amazon License Manager and Service Catalog added as services that can work with the accounts in your organization.

December 21, 2018

New services for trusted access

Amazon CloudTrail and Amazon RAM added as services that can work with the accounts in your organization.

December 4, 2018

New service for trusted access

Amazon Directory Service added as a service that can work with the accounts in your organization.

September 25, 2018

Email address verification

You must verify that you own the email address that is associated with the management account before you can invite existing accounts to your organization.

September 20, 2018

CreateAccount notifications

CreateAccount notifications are published to the management account's CloudTrail logs.

June 28, 2018

New service for trusted access

Amazon Artifact added as a service that can work with the accounts in your organization.

June 20, 2018

New services for trusted access

Amazon Config and Amazon Firewall Manager added as services that can work with the accounts in your organization.

April 18, 2018

Trusted service access

You can now enable or disable access for select Amazon Web Services services to work in the accounts in your organization. IAM Identity Center is the initial supported trusted service.

March 29, 2018

Account removal is now self-service

You can now remove accounts that were created from within Amazon Organizations without contacting Amazon Web Services Support.

December 19, 2017

Added support for new service Amazon IAM Identity Center

Amazon Organizations now supports integration with Amazon IAM Identity Center (IAM Identity Center).

December 7, 2017

Amazon added a service-linked role to all organization accounts

A service-linked role named AWSServiceRoleForOrganizations is added to all accounts in an organization to enable integration between Amazon Organizations and other Amazon Web Services services.

October 11, 2017

You can now remove created accounts

Customers can now remove created accounts from their organization, with help from Amazon Web Services Support.

June 15, 2017

Service launch

Initial version of the Amazon Organizations documentation that accompanied the launch of the new service.

February 17, 2017