Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Prerequisites and permissions for
management policies for Amazon Organizations
This page describes the prerequisites and required permissions for management policies for Amazon Organizations.
Prerequisites for management
policies
Using management policies for an organization requires the following:
-
Your organization must have all features enabled.
-
You must be signed in to your organization's management account or be a delegated administrator.
-
Your Amazon Identity and Access Management (IAM) user or role must have the permissions that are listed
in the following section.
Permissions for management policies
The following example IAM policy provides permissions to use all aspects of
management policies in an organization.
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "OrganizationPolicies",
"Effect": "Allow",
"Action": [
"organizations:AttachPolicy",
"organizations:CreatePolicy",
"organizations:DeletePolicy",
"organizations:DescribeAccount",
"organizations:DescribeCreateAccountStatus",
"organizations:DescribeEffectivePolicy",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:DetachPolicy",
"organizations:DisableAWSServiceAccess",
"organizations:DisablePolicyType",
"organizations:EnableAWSServiceAccess",
"organizations:EnablePolicyType",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListCreateAccountStatus",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListTargetsForPolicy",
"organizations:UpdatePolicy"
],
"Resource": "*"
}
]
}
For more information about IAM policies and permissions, see the
IAM User Guide.