cloudformation:DeactivateOrganizationsAccess

Write

cloudformation:DeactivateOrganizationsAccess is a Write access-level action in the cloudformation service. Grants permission to deactivate trusted access between StackSets and Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization

Resource types

This action does not support resource-level permissions; use "Resource": "*" in your policy.

Condition keys

No condition keys are documented for this action.

Example IAM policy

A minimal policy that allows cloudformation:DeactivateOrganizationsAccess. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudformationDeactivateOrganizationsAccess",
      "Effect": "Allow",
      "Action": "cloudformation:DeactivateOrganizationsAccess",
      "Resource": "*"
    }
  ]
}

Related actions in cloudformation

View all cloudformation actions →