Reference: .html
In the docs linked above, the last table, I wonder why is the resultant for Production OU and Account E and F is "No s3 access"
Does this mean "no AWS service access at all"? Or only specifically no s3 access?
For a permission to be allowed for a specific account, there must be an explicit Allow statement at every level from the root through each OU in the direct path to the account (including the target account itself)
I guess it means no service access, since there's no explicit allow access at any level, but I want to reconfirm my understanding. Or perhaps I misunderstand the "resultant" wording there