Commit

MESG-2877 add sourceAccount condition to trust policy
NikolayMetchev committed Sep 19, 2024
1 parent 0712a7f commit 0510bf0
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions iam.tf
Expand Up @@ -58,6 +58,12 @@ data "aws_iam_policy_document" "assume_role" {
variable = "aws:SourceArn"
values = var.trusted_entities_assume_role_source_arns
}

condition {
test = "ForAnyValue:StringEquals"
variable = "aws:SourceAccount"
values = [data.aws_caller_identity.current.account_id]
}
}

dynamic "statement" {
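Review bot: the new condition uses `test = "ForAnyValue:StringEquals"` on `aws:SourceAccount`, which is a single-valued condition key, so the set operator adds nothing and plain `StringEquals` would state the intent more clearly. Two further points on the same block: `values = [data.aws_caller_identity.current.account_id]` hard-pins the trust policy to the deploying account, so any trusted source in another account will be rejected even if its ARN is listed in `var.trusted_entities_assume_role_source_arns`; if that is intended, a short comment saying so would help, otherwise consider a variable that defaults to the caller's account. The `aws_caller_identity` data source is not declared in this hunk, so confirm that `data "aws_caller_identity" "current"` already exists in the module.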
