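Role and policy that trusts all accounts in an organization and requires an external ID. The first JSON document is the role's permissions policy (read-only DynamoDB actions on one table, conditioned on aws:PrincipalOrgID); the second is the role's trust policy. As written, the aws:PrincipalOrgID condition appears only in the permissions policy, while the trust policy uses "Principal": {"AWS": "*"} gated solely by sts:ExternalId, so the organization restriction on who can assume the role takes effect only if the aws:PrincipalOrgID condition is also added to the trust policy. An external ID is intended as a confused-deputy safeguard rather than a secret, so it should not be the only control on a wildcard principal.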
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:Scan",
"dynamodb:ListTagsOfResource",
"dynamodb:Query",
"dynamodb:DescribeStream",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListStreams",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:DescribeTable",
"dynamodb:GetShardIterator",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeReservedCapacity",
"dynamodb:GetItem",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeBackup",
"dynamodb:DescribeLimits",
"dynamodb:GetRecords"
],
"Resource": "arn:aws:dynamodb:us-east-1:123456789123:table/tabletop",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": [
"o-abbcgeeg"
]
}
}
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "e1245787-sdf358-asdfbf-932-939asdfawefdca"
}
}
}
]
}