AWS Organizations is the service that groups many AWS accounts under one management account, with shared billing and centrally enforced policies. If your company follows standard AWS practice — separate accounts per team, per environment, or per workload — then "rolling out Claude on Bedrock" really means answering four questions: who enables model access, who is allowed to invoke, where quota lives, and how usage is observed. Each has a clean answer.
Model access: enable once, inherit everywhere it counts
Bedrock model access is enabled per account, and the first invocation of a third-party model auto-initiates the AWS Marketplace subscription (allow up to 15 minutes; missing prerequisites produce an AccessDeniedException). The identity enabling a model for the first time needs aws-marketplace:Subscribe, aws-marketplace:Unsubscribe, and aws-marketplace:ViewSubscriptions.
The organization-level shortcut: Anthropic models require a one-time First Time Use (FTU) use-case form, and a submission from the management account is inherited by the whole AWS Organization. Submitting it once centrally (via the console or the PutUseCaseForModelAccess API) saves every member account from repeating the step. The FTU form does not apply at all to Claude accessed through the newer bedrock-mantle endpoint. Details in requesting Claude model access.
Guardrails: SCPs are the organization-wide "no"
Service Control Policies (SCPs) set the outer boundary of what any identity in a member account can do, regardless of its IAM policies. Two Bedrock-specific facts shape how you write them:
First, to block model use, deny the invocation actions — bedrock:InvokeModel (or the bedrock:InvokeModel* wildcard, plus bedrock:Converse/bedrock:ConverseStream for completeness). Denying Marketplace subscription alone does not block first invocation, and deleting a model agreement doesn't either — invoking the model re-creates it.
Second, cross-region inference interacts with region-restricting SCPs: geographic inference profiles need all destination regions allowed, and global profiles need "aws:RequestedRegion": "unspecified" permitted. An SCP that pins accounts to two regions will quietly break global routing. See using SCPs to restrict Bedrock for worked policies.
Quota: it lives where the call is made
Bedrock quotas are allocated per account, per region, and — importantly — per endpoint: the legacy bedrock-runtime endpoint and the newer bedrock-mantle endpoint track separate quota allocations even for the same Claude model. This drives the central architectural choice:
| Pattern | How it works | Trade-off |
|---|---|---|
| Distributed | Each workload account calls Bedrock directly | Quota and cost isolation per team; more accounts to govern |
| Centralized | Workload accounts assume a role into a central inference account | One quota pool and one governance point; central account becomes a shared dependency |
The centralized pattern is covered in cross-account Bedrock calls via role assumption. Whichever you choose, quota increases for bedrock-runtime go through the Service Quotas console, while bedrock-mantle increases require an AWS Support case naming the endpoint, region, model, and quota.
Observability across accounts
CloudTrail records Bedrock API calls in each account, and cross-region requests are logged in the source region with an additionalEventData.inferenceRegion field showing where processing happened. Model invocation logging (full request/response capture to CloudWatch Logs or S3) is configured per account and only supports destinations in the same account and region — so in a multi-account setup, plan for per-account logging configuration plus whatever central aggregation your organization already uses for other services. Note that invocation logging currently captures bedrock-runtime calls, not bedrock-mantle traffic.
Where to go next
Layer in IAM condition keys for per-model restrictions, and read cross-region inference profiles before writing region SCPs. The enterprise checklist covers the non-AWS parts of a rollout.