Merge pull request #757 from PRX/organization-policy-variable

Use policy variable for organization access
PRX · Apr 22, 2024 · b4c03f0 · b4c03f0
2 parents e41a545 + 8fa6a85
commit b4c03f0
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 4 deletions.
diff --git a/spire/templates/apps/dovetail-cdn-arranger.yml b/spire/templates/apps/dovetail-cdn-arranger.yml
@@ -96,7 +96,7 @@ Resources:
           - Action: s3:GetObject
             Condition:
               StringEquals:
-                aws:PrincipalOrgID: !Ref AwsOrganizationId
+                aws:ResourceOrgID: ${aws:PrincipalOrgID}
             Effect: Allow
             Principal:
               AWS: "*"

diff --git a/spire/templates/root.yml b/spire/templates/root.yml
@@ -227,7 +227,6 @@ Resources:
         RootStackName: !Ref AWS::StackName
         RootStackId: !Ref AWS::StackId
         EnvironmentType: !Ref EnvironmentType
-        AwsOrganizationId: !Ref AwsOrganizationId
         NestedChangeSetScrubbingResourcesState: !Ref NestedChangeSetScrubbingResourcesState
       Tags:
         - { Key: prx:meta:tagging-version, Value: "2021-04-07" }

diff --git a/spire/templates/shared-dovetail-kinesis.yml b/spire/templates/shared-dovetail-kinesis.yml
@@ -9,7 +9,6 @@ Parameters:
   EnvironmentType: { Type: String }
   RootStackName: { Type: String }
   RootStackId: { Type: String }
-  AwsOrganizationId: { Type: String }
   NestedChangeSetScrubbingResourcesState: { Type: String }
 
 Conditions:
@@ -51,7 +50,7 @@ Resources:
           - Action: sts:AssumeRole
             Condition:
               StringEquals:
-                aws:PrincipalOrgID: !Ref AwsOrganizationId
+                aws:ResourceOrgID: ${aws:PrincipalOrgID}
             Effect: Allow
             Principal:
               AWS: "*"