AWS has announced the launch of resource control policies (RCPs), a new type of authorization policy in AWS Organizations. RCPs allow organizations to centrally restrict service access across accounts, adding preventative controls that take precedence over permissive policies, even for external users.

RCPs complement service control policies (SCPs), and the two work independently. SCPs limit the permissions granted to principals, while RCPs limit the permissions granted to resources. For example, an organization can use RCPs to restrict access to Amazon S3 buckets so that they can only be accessed by principals that belong to the organization. RCPs are evaluated whenever your resources are accessed, irrespective of who is making the API request.

It is important to note that neither SCPs nor RCPs grant any permissions. They only set the maximum permissions available to principals and resources in your organization. You still need to grant permissions with appropriate IAM policies. RCPs are a powerful tool for controlling access to resources in AWS, and can help organizations improve their security posture.
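The S3 restriction described above, written as an RCP document together with a simplified model of how it combines with other grants. This is an added example, not AWS's code: the organization ID `o-exampleorgid`, the helper names and the request contexts are constructed, and the evaluator models only the two condition operators this policy uses.

```python
import json

ORG_ID = "o-exampleorgid"  # placeholder organization ID (constructed)

# RCP: deny S3 access unless the caller is in the organization or is an AWS service.
RCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnforceOrgIdentities",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "*",
        "Condition": {
            "StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID},
            "BoolIfExists": {"aws:PrincipalIsAWSService": "false"},
        },
    }],
}

def _matches(op, key, want, ctx):
    """Evaluate one condition entry; '...IfExists' is true when the key is absent."""
    if key not in ctx:
        return True
    if op == "StringNotEqualsIfExists":
        return ctx[key] != want
    if op == "BoolIfExists":
        return str(ctx[key]).lower() == want
    raise ValueError(f"operator not modelled: {op}")

def rcp_denies(action, ctx, policy=RCP):
    """True if a Deny statement covers the action and all its conditions hold (ANDed)."""
    for st in policy["Statement"]:
        service = st["Action"].split(":")[0]  # handles only the 'svc:*' action form
        if st["Effect"] == "Deny" and action.startswith(service + ":") and all(
            _matches(op, k, v, ctx)
            for op, kv in st["Condition"].items() for k, v in kv.items()
        ):
            return True
    return False

def is_allowed(action, ctx, granted_elsewhere):
    """An RCP never grants: access needs an IAM or bucket-policy grant AND no RCP deny."""
    return granted_elsewhere and not rcp_denies(action, ctx)

if __name__ == "__main__":
    print(json.dumps(RCP, indent=2))  # the policy document as JSON
```

Running the file prints the policy as JSON; `is_allowed` shows that a permissive bucket policy does not help a principal outside the organization, and that a principal inside it still needs its own grant.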
AWS Introduces Resource Control Policies (RCPs) for Enhanced Security
AWS