AWS Sign-in Supports Resource-Based and Control Policies
AWS Sign-in now allows resource-based policies (per account) and resource control policies (organization-wide) to restrict console access to specific networks. This enhancement, which can be combined with Private Access, helps organizations better manage security and compliance by controlling sign-in origins and accessible accounts. These features are available at no additional cost in all commercial AWS Regions.
- →Restrict Console Sign-in with Resource Policies
- →Enhanced Control with Private Access Integration
- →Availability and Cost
Features (1) ›
- Restrict Console Sign-in with Resource Policies
AWS Sign-in now supports resource-based policies for individual accounts and resource control policies (RCPs) for AWS Organizations to restrict console access to expected networks. These policies are evaluated during sign-in and when credentials are requested, enhancing security by controlling user access origins and permissible accounts.
Enhancements (1) ›
- Enhanced Control with Private Access Integration
Users can combine the new resource-based policies and RCPs with AWS Management Console Private Access. This integration provides a comprehensive approach to managing console security, controlling both the networks users can sign in from and the specific AWS accounts they can access.
Notes (1) ›
- Availability and Cost
AWS Sign-in resource-based policies and RCPs are available at no additional cost in all AWS commercial Regions. Documentation is available in the AWS Sign-in User Guide and the AWS Sign-in API Reference.
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-sign-in/