AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-07-25 · Documentation medium

File: prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md

Summary

Added VPC endpoint policy with organization-based restrictions

Security assessment

Example policy shows security control limiting access to organization members

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md b/prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md
index 0073c9453..6c990a9e6 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/require-organization-membership.md
@@ -12,0 +13,19 @@ This [VPC endpoint policy](https://docs.aws.amazon.com/vpc/latest/privatelink/vp
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "AllowOnlyIntendedResourcesAndPrincipals",
+                "Effect": "Allow",
+                "Principal": "*",
+                "Action": "s3:*",
+                "Resource": "*",
+                "Condition": {
+                    "StringEquals": {
+                        "aws:PrincipalOrgID": "o-1abcde123",
+                        "aws:ResourceOrgID": "o-1abcde123"
+                    }
+                }
+            }
+        ]
+    }
+