ChangelogStax.io

New Stax Workload Default Parameter - StaxAwsOrgId

Added

Published 25 Nov 2020

Stax has added a new Stax Workload default parameter, StaxAwsOrgId, to allow access to your AWS Organization ID when deploying Stax Workloads.

Use this new parameter to easily access your AWS Organization ID value to allow Organization-wide IAM permissions.

For more information on using AWS Organizational IAM permissions, see this blog post from AWS.

Example:

The following example grants s3:GetObject on a S3 bucket access to all accounts in your AWS Organization.

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  StaxAwsOrgId:
    Type: "String"
Resources:
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: "my-s3-bucket"
  S3BucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Action:
              - "s3:GetObject"
            Effect: Allow
            Resource:
              Fn::Join:
                - ""
                - - "arn:aws:s3:::"
                  - !Ref S3Bucket
                  - /*
            Principal: "*"
            Condition:
              StringEquals:
                aws:PrincipalOrgID:
                  - !Ref StaxAwsOrgId

See also

Back to changelog