Before you can create and attach a policy to your organization, you must enable that policy type for use. Enabling a policy type is a one-time task on the organization root. You can enable a policy type from only the organization's management account or a member account designated as a delegated administrator.
Minimum permissions
To enable a policy type, you need permission to run the following actions:
- organizations:EnablePolicyType
- organizations:DescribeOrganization – required only when using the Organizations console
- organizations:ListRoots – required only when using the Organizations console
To enable a policy type
- Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.
- On the Policies page, choose the name of the policy type that you want to enable.
- On the policy type page, choose Enable policy type. The page is replaced by a list of the available policies of the specified type.
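The same one-time task can be scripted against the Organizations API instead of the console. The following is an added example, not code from the AWS documentation. It assumes a boto3 `organizations` client created with credentials from the management account or a delegated administrator. The helper name `ensure_policy_type_enabled`, the `FakeOrganizations` stand-in, and the root ID `r-examplerootid` are constructed for illustration. Because the script looks up the root ID itself, its caller needs `organizations:ListRoots` in addition to `organizations:EnablePolicyType`.

```python
def ensure_policy_type_enabled(org_client, policy_type):
    """Enable policy_type on the organization root unless it is already on.

    org_client: a boto3 "organizations" client, e.g.
        boto3.client("organizations")
    or any object with the same list_roots / enable_policy_type shapes.
    Returns (root_id, changed) so a pipeline can log whether it acted.
    """
    roots = org_client.list_roots()["Roots"]
    if len(roots) != 1:
        raise RuntimeError(f"expected exactly one root, found {len(roots)}")
    root = roots[0]

    # Each root reports the policy types already enabled on it.
    statuses = {p["Type"]: p["Status"] for p in root.get("PolicyTypes", [])}
    if statuses.get(policy_type) in ("ENABLED", "PENDING_ENABLE"):
        return root["Id"], False  # nothing to do; keeps reruns safe

    org_client.enable_policy_type(RootId=root["Id"], PolicyType=policy_type)
    return root["Id"], True


class FakeOrganizations:
    """Constructed stand-in for the client so the example runs offline."""

    def __init__(self):
        self.root = {"Id": "r-examplerootid", "PolicyTypes": []}
        self.calls = []  # records every enable_policy_type call

    def list_roots(self):
        return {"Roots": [self.root]}

    def enable_policy_type(self, RootId, PolicyType):
        self.calls.append((RootId, PolicyType))
        self.root["PolicyTypes"].append(
            {"Type": PolicyType, "Status": "ENABLED"}
        )
        return {"Root": self.root}


if __name__ == "__main__":
    client = FakeOrganizations()  # swap for boto3.client("organizations")
    for attempt in (1, 2):
        root_id, changed = ensure_policy_type_enabled(
            client, "SERVICE_CONTROL_POLICY"
        )
        print(f"attempt {attempt}: root={root_id} changed={changed}")
```

Checking the root's reported policy types before calling the API keeps the script idempotent, so it can run in a provisioning pipeline without raising an error when the type is already enabled.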