AWS Finally Increased SCP Quotas


As of 15th May 2026, AWS Organizations now supports higher quotas for SCPs.

The maximum number of SCPs that can be attached to a single node (root, OU, or account) has increased from 5 to 10, and the maximum SCP size has increased from 5,120 to 10,240 characters.

These higher quotas are available automatically to all AWS Organizations with no action required.

Like most people who work with SCPs, I've been asking for an update on this pretty much every six months.

At my last in-person re:Invent (the last one before Covid), I met with the AWS Organizations team, who said it was a highly requested feature but that expanding these limits costs real compute and they need to make sure their internal infrastructure can support them. They had no ETA.

This announcement makes granular SCP permissions much easier, albeit at the expense of complexity, and that complexity means it’s important to have a solid IaC methodology underpinning your SCP strategy.

I’ve put some example Terraform for managing SCPs as part of a landing zone strategy on my GitHub, based on what is used in production as part of the global landing zone tooling at my day job.

https://github.com/etc-org/aws-scp-templatefile
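
As an added example (not taken from the repository above), here is a pre-deployment check an IaC pipeline could run against the new quotas quoted in this post. It assumes the size quota is measured on the minified JSON string the pipeline submits; the policy names, actions and OU ids are constructed placeholders.

```python
import json
from collections import defaultdict

# Quotas as stated in this post.
MAX_SCPS_PER_TARGET = 10
MAX_SCP_CHARS = 10_240

def minify(policy: dict) -> str:
    """Serialize without optional whitespace (assumed to be what gets submitted)."""
    return json.dumps(policy, separators=(",", ":"))

def check_quotas(policies: dict, attachments: list) -> list:
    """Return human-readable quota violations; an empty list means OK.

    policies:    {policy_name: policy_document_dict}
    attachments: [(policy_name, target_id), ...], direct attachments only
    """
    problems = []
    for name, doc in policies.items():
        size = len(minify(doc))
        if size > MAX_SCP_CHARS:
            problems.append(f"{name}: {size} chars exceeds {MAX_SCP_CHARS}")
    per_target = defaultdict(set)
    for name, target in attachments:
        if name not in policies:
            problems.append(f"{target}: attaches unknown policy {name}")
        per_target[target].add(name)
    for target, names in sorted(per_target.items()):
        if len(names) > MAX_SCPS_PER_TARGET:
            problems.append(f"{target}: {len(names)} SCPs exceeds {MAX_SCPS_PER_TARGET}")
    return problems

def deny_policy(actions: list) -> dict:
    """Build a minimal deny-list SCP document for the sample data."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": actions, "Resource": "*"}]}

# Constructed sample data: 11 small guardrails on one OU, plus one oversized policy.
SAMPLE_POLICIES = {f"guardrail-{i}": deny_policy([f"s3:Delete{i}"]) for i in range(11)}
SAMPLE_POLICIES["oversized"] = deny_policy([f"ec2:Action{n:05d}" for n in range(700)])
SAMPLE_ATTACHMENTS = [(f"guardrail-{i}", "ou-example-workloads") for i in range(11)]
SAMPLE_ATTACHMENTS.append(("oversized", "ou-example-sandbox"))

if __name__ == "__main__":
    for line in check_quotas(SAMPLE_POLICIES, SAMPLE_ATTACHMENTS):
        print("QUOTA:", line)
```

Failing the pipeline on a non-empty result catches a quota breach at plan time rather than as a partially applied set of guardrails.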