Easier Way To Control Access To AWS Resources By Using The AWS Organization of IAM Principals

Posted on: May 17, 2018

AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). You can use a new condition key, aws:PrincipalOrgID, in your permissions policy to require that every IAM principal accessing your resources belongs to an account in your organization.

For example, consider an Amazon S3 bucket policy with which you want to restrict access to principals from AWS accounts inside your organization. Now you can add the aws:PrincipalOrgID condition key to the condition element of your policy and set its value to your organization ID.
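The bucket policy described above, written out as an added example (not a policy from the announcement); the bucket name `example-bucket` and the organization ID `o-EXAMPLEORGID` are placeholders to replace with your own. The first statement allows object access only when the calling principal's organization ID matches; the second denies all S3 actions on the bucket to any principal whose organization ID does not match.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowObjectAccessOnlyFromOrgPrincipals",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-EXAMPLEORGID"
        }
      }
    },
    {
      "Sid": "DenyAnyPrincipalOutsideOrg",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalOrgID": "o-EXAMPLEORGID"
        }
      }
    }
  ]
}
```

Because StringNotEquals evaluates to true when the key is absent from the request context, the Deny statement also rejects anonymous (unauthenticated) requests, which carry no aws:PrincipalOrgID. Principals in other accounts of the organization still need an identity-based policy in their own account that grants the S3 actions, since cross-account access requires both sides to allow it.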

To learn more about the new condition key aws:PrincipalOrgID, visit the IAM documentation.