Skip to content

AWS Lambda announces support for PrincipalOrgID in resource-based policies

AWS Lambda now supports the aws:PrincipalOrgID condition key in Lambda function resource-based policies. Customers can use resource-based policies for Lambda functions including specific version or alias to grant usage permissions for other AWS accounts or AWS services. The aws:PrincipalOrgID condition key is designed to control access to AWS resources by using the AWS organization of IAM principals. You can now use this condition key in the function resource-based policies to require all principals accessing Lambda functions to be from an account in the organization. Additionally, when you add and remove accounts, policies that include the aws:PrincipalOrgID key should automatically include the correct accounts and help minimize manual updating.

Source:: Amazon AWS