AWS prescriptive-guidance documentation change
Summary
Added VPC endpoint policy with organization-based restrictions
Security assessment
Example policy shows security control limiting access to organization members
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md b/prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md index 0073c9453..6c990a9e6 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md @@ -12,0 +13,19 @@ This [VPC endpoint policy](https://docs.aws.amazon.com/vpc/latest/privatelink/vp + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowOnlyIntendedResourcesAndPrincipals", + "Effect": "Allow", + "Principal": "*", + "Action": "s3:*", + "Resource": "*", + "Condition": { + "StringEquals": { + "aws:PrincipalOrgID": "o-1abcde123", + "aws:ResourceOrgID": "o-1abcde123" + } + } + } + ] + } +