Unlock new possibilities: AWS Organizations service control policy now supports full IAM language

Sep 2025·

Swara Gandhi

· 0 min read

Abstract

A deep dive into the newly expanded IAM policy language support for AWS Organizations service control policies (SCPs), including new condition keys, policy elements, and patterns for enterprise-scale governance. Co-authored with the AWS IAM team.

Type

Preprint

Last updated on Sep 2025

AWS Organizations IAM Service Control Policies Cloud Governance

Authors

Swara Gandhi

Senior Solutions Architect at Amazon Web Services

Swara Gandhi is a Senior Solutions Architect in Identity Solutions at Amazon Web Services, based in New York. She is a 15x speaker at flagship AWS events - re:Invent, re:Inforce, and AWS Summits - and a speaker at RSA Conference 2026 on trusted identity propagation for autonomous agents across cloud and SaaS.

Swara specializes in access controls, data perimeters, and policy-as-code, delivering large-scale identity features and reference architectures adopted by Fortune 100 financial institutions. She is a core contributor to Amazon Bedrock AgentCore Identity, building OAuth flows, identity propagation patterns, and zero-trust primitives for the agentic AI era.

Swara is a contributor to the Internet Engineering Task Force (IETF) and FIDO Alliance, and serves on the IDPro Body of Knowledge Committee. She co-hosts industry webinars on bridging identity gaps across teams and systems, and is the author of widely-adopted AWS best practices, case studies, and open-source tooling for enterprise identity governance.

In 2025, Swara was recognized by the Influential Women platform for leadership and innovation in the identity space.

← AWS Startup Security Baseline Apr 2026

How to import existing AWS Organizations SCPs and RCPs to CloudFormation Mar 2025 →