Managing organization policies with Amazon Organizations - Amazon Organizations
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managing organization policies with Amazon Organizations

Policies in Amazon Organizations enable you to apply additional types of management to the Amazon Web Services accounts in your organization. You can use policies when all features are enabled in your organization.

The Amazon Organizations console displays the enabled or disabled status for each policy type. On the Organize accounts tab, choose the Root in the left navigation pane. The details pane on the right side of the screen shows all of the available policy types. The list indicates which are enabled and which are disabled in that organization root. If the option to Enable a type is present, that type is currently disabled. If the option to Disable a type is present, that type is currently enabled.

Policy types

Organizations offers policy types in the following two broad categories:

Authorization policies

Authorization policies help you to centrally manage the security of Amazon Web Services accounts across an organization.

Management policies

Management policies help you centrally configure and manage Amazon Web Services services and their features across an organization.

  • Backup policies help you centrally manage and apply backup plans to the Amazon resources across your organization's accounts.

  • Tag policies help you standardize the tags attached to the Amazon resources in your organization's accounts.

  • Chatbot policies enable you to control access to your organization's accounts from chat applications such as Slack and Microsoft Teams.

  • AI services opt-out policies enable you to control data collection for Amazon AI services for all of your organization's accounts.

The following table summarizes some of the characteristics of each policy type. For additional characteristics about these policy types, see Quotas and service limits for Amazon Organizations.

Policy type Affects management account Maximum number you can attach to a root, OU, or account Maximum size Supports viewing effective policy for OU or account
SCP No 5 5120 characters No
Backup policy Yes 10 10,000 characters Yes
Tag policy Yes 10 10,000 characters Yes
Chatbot policy Yes 5 10,000 characters Yes
AI services opt-out policy Yes 5 2500 characters Yes