TermService Control Policies (SCPs)
DefinitionIAM-like policies applied at the AWS Organizations account or OU level that define the maximum permissions available to all IAM entities in those accounts, regardless of their identity-based policies. Used to enforce guardrails such as region restrictions and prohibited API actions.