New Stax Workload Default Parameter - StaxAwsOrgId
Published 25 Nov 2020
Stax has added a new Stax Workload default parameter, StaxAwsOrgId, to allow access to your AWS Organization ID when deploying Stax Workloads.
Use this new parameter to easily access your AWS Organization ID value to allow Organization-wide IAM permissions.
For more information on using AWS Organizational IAM permissions, see this blog post from AWS.
Example:
The following example grants s3:GetObject access on an S3 bucket to all accounts in your AWS Organization.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  StaxAwsOrgId:
    Type: "String"
Resources:
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: "my-s3-bucket"
  S3BucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Action:
              - "s3:GetObject"
            Effect: Allow
            Resource:
              Fn::Join:
                - ""
                - - "arn:aws:s3:::"
                  - !Ref S3Bucket
                  - "/*"
            # The wildcard principal is limited to the Organization by the condition below
            Principal: "*"
            Condition:
              StringEquals:
                aws:PrincipalOrgID:
                  - !Ref StaxAwsOrgId
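The statement above is only safe because Principal "*" is paired with the aws:PrincipalOrgID condition. The following check is an added example, not Stax or AWS code: it flags Allow statements with a wildcard principal that lack that condition. It assumes the policy has already been rendered to JSON with intrinsics resolved; the function names and the organization ID o-exampleorgid are constructed for illustration.

```python
import re

ORG_ID_RE = re.compile(r"^o-[a-z0-9]{10,32}$")  # AWS Organization ID format
ORG_KEY = "aws:principalorgid"                  # condition key names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for Principal "*" and for {"AWS": "*"} (alone or inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def org_ids_in_condition(condition):
    """Collect aws:PrincipalOrgID values under StringEquals only.
    Assumption: any other operator is treated as not scoping the statement."""
    ids = []
    for key, values in (condition or {}).get("StringEquals", {}).items():
        if key.lower() == ORG_KEY:
            ids.extend(_as_list(values))
    return ids

def unscoped_statements(policy):
    """Indexes of Allow statements open to "*" without a well-formed org ID condition."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        ids = org_ids_in_condition(stmt.get("Condition"))
        # An empty or malformed value (e.g. an unresolved parameter) also counts as unscoped.
        if not ids or not all(ORG_ID_RE.match(str(v)) for v in ids):
            findings.append(i)
    return findings

# Constructed sample: statement 0 mirrors the template above, 1 and 2 are misconfigured.
RES = "arn:aws:s3:::my-s3-bucket/*"
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": RES, "Principal": "*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": ["o-exampleorgid"]}}},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": RES, "Principal": {"AWS": "*"}},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": RES, "Principal": "*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": [""]}}},
]}

if __name__ == "__main__":
    print("Unscoped statement indexes:", unscoped_statements(SAMPLE_POLICY))
```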