From 5647134834f16e36825283a9be5bffdae77b9fb0 Mon Sep 17 00:00:00 2001
From: Chris Kalafarski
Date: Tue, 16 Apr 2024 22:45:21 -0400
Subject: [PATCH 1/2] Use policy variable for organization access
---
 spire/templates/apps/dovetail-cdn-arranger.yml | 2 +-
 spire/templates/shared-dovetail-kinesis.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/spire/templates/apps/dovetail-cdn-arranger.yml b/spire/templates/apps/dovetail-cdn-arranger.yml
index 70b6fa2e5..3a4b9f784 100644
--- a/spire/templates/apps/dovetail-cdn-arranger.yml
+++ b/spire/templates/apps/dovetail-cdn-arranger.yml
@@ -96,7 +96,7 @@ Resources:
 - Action: s3:GetObject
 Condition:
 StringEquals:
- aws:PrincipalOrgID: !Ref AwsOrganizationId
+ aws:ResourceOrgID: ${aws:PrincipalOrgID}
 Effect: Allow
 Principal:
 AWS: "*"
diff --git a/spire/templates/shared-dovetail-kinesis.yml b/spire/templates/shared-dovetail-kinesis.yml
index dd8dd248f..4d6657942 100644
--- a/spire/templates/shared-dovetail-kinesis.yml
+++ b/spire/templates/shared-dovetail-kinesis.yml
@@ -51,7 +51,7 @@ Resources:
 - Action: sts:AssumeRole
 Condition:
 StringEquals:
- aws:PrincipalOrgID: !Ref AwsOrganizationId
+ aws:ResourceOrgID: ${aws:PrincipalOrgID}
 Effect: Allow
 Principal:
 AWS: "*"
From 8fa6a85ff94cdc59f899f0b792ef7349319fc018 Mon Sep 17 00:00:00 2001
From: Chris Kalafarski
Date: Tue, 16 Apr 2024 22:53:13 -0400
Subject: [PATCH 2/2] Remove unused parameter
---
 spire/templates/root.yml | 1 -
 spire/templates/shared-dovetail-kinesis.yml | 1 -
 2 files changed, 2 deletions(-)
diff --git a/spire/templates/root.yml b/spire/templates/root.yml
index 290a748b1..b461a8c54 100644
--- a/spire/templates/root.yml
+++ b/spire/templates/root.yml
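Review bot: The new `aws:ResourceOrgID: ${aws:PrincipalOrgID}` condition under `Principal: AWS: "*"` (here and in the matching `sts:AssumeRole` hunk in spire/templates/shared-dovetail-kinesis.yml) re-anchors the grant from the one organization named by the `AwsOrganizationId` parameter to whichever organization the deploying account belongs to at evaluation time, so the trust boundary now follows account membership rather than a pinned value. As far as I know both condition keys are absent for a principal or a resource outside any organization, in which case `StringEquals` cannot match and the statement fails closed, but that is worth confirming once from a non-organization account rather than assumed. Because the value is a plain YAML scalar and not inside `!Sub`, CloudFormation passes `${aws:PrincipalOrgID}` through verbatim as an IAM policy variable; a comment such as `# IAM policy variable, not a !Sub placeholder; write ${!aws:PrincipalOrgID} if this ever moves under !Sub` would keep a later refactor from silently breaking it. The enclosing policy statement starts before this hunk.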
@@ -227,7 +227,6 @@ Resources:
 RootStackName: !Ref AWS::StackName
 RootStackId: !Ref AWS::StackId
 EnvironmentType: !Ref EnvironmentType
- AwsOrganizationId: !Ref AwsOrganizationId
 NestedChangeSetScrubbingResourcesState: !Ref NestedChangeSetScrubbingResourcesState
 Tags:
 - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
diff --git a/spire/templates/shared-dovetail-kinesis.yml b/spire/templates/shared-dovetail-kinesis.yml
index 4d6657942..dd94a7d54 100644
--- a/spire/templates/shared-dovetail-kinesis.yml
+++ b/spire/templates/shared-dovetail-kinesis.yml
@@ -9,7 +9,6 @@ Parameters:
 EnvironmentType: { Type: String }
 RootStackName: { Type: String }
 RootStackId: { Type: String }
- AwsOrganizationId: { Type: String }
 NestedChangeSetScrubbingResourcesState: { Type: String }
 
 Conditions:
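Review bot: Dropping the `AwsOrganizationId` pass-through for this nested stack leaves the parameter's other consumer untouched: the first patch also replaced `!Ref AwsOrganizationId` in spire/templates/apps/dovetail-cdn-arranger.yml, so if that template still declares `AwsOrganizationId` in its Parameters and root.yml still passes it to that stack, the same cleanup applies there (neither is visible in this hunk). The top-level `AwsOrganizationId` parameter of root.yml is also outside the hunk; if nothing references it any more it can go in the same commit, otherwise a comment on it naming which stacks still consume it would help the next reader. The shared-dovetail-kinesis.yml Parameters hunk below is the other half of this change and needs no separate note.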