config:DeleteOrganizationConfigRule is a Write access-level action in the config service. Grants permission to delete the specified organization config rule and all of its evaluation results from all member accounts in that organization
ARNs that config:DeleteOrganizationConfigRule can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants config:DeleteOrganizationConfigRule.
Filters access by tag-value associated with the resource
A minimal policy that allows config:DeleteOrganizationConfigRule. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowConfigDeleteOrganizationConfigRule",
"Effect": "Allow",
"Action": "config:DeleteOrganizationConfigRule",
"Resource": "*"
}
]
}