organizations:DisableAWSServiceAccess is a Write access-level action in the organizations service. Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations
This action does not support resource-level permissions; use "Resource": "*" in your policy.
No condition keys are documented for this action.
A minimal policy that allows organizations:DisableAWSServiceAccess. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowOrganizationsDisableAWSServiceAccess",
"Effect": "Allow",
"Action": "organizations:DisableAWSServiceAccess",
"Resource": "*"
}
]
}