I really like this newish (late August) AWS / VPC / IAM feature. You can now use three new global condition keys to control access to your AWS resources from:

* VPC endpoints that belong to a specific AWS account
* VPC endpoints that belong to a specific Organizational Unit (OU) within an AWS Organization
* VPC endpoints that belong to a specific AWS Organization

These new keys allow you to exercise control in a way that is easier and more scalable since you no longer need to create and maintain long lists of specific resources.

To learn more, read the blog post "Use scalable controls to help prevent access from unexpected networks" at https://lnkd.in/gaWFX5tq from my colleagues Sowjanya Rajavaram and Tatyana Yatskevich.
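As an added example (not part of the post or the linked AWS blog), the Python sketch below contrasts a Deny statement that enumerates endpoint IDs with `aws:SourceVpce` against one that uses the organization-level key `aws:VpceOrgID`. The key name is taken from AWS documentation rather than from the post; the IDs, the bucket name and the simplified `StringNotEquals` evaluator are constructed for illustration.

```python
"""Added example: list-based vs. organization-based VPC endpoint scoping."""

# Constructed sample identifiers; none of these come from the post.
ORG_ID = "o-exampleorg1"
KNOWN_ENDPOINTS = ["vpce-0aaa1111", "vpce-0bbb2222"]

def deny_statement(condition):
    """Build an S3 bucket-policy Deny statement with the given Condition."""
    return {
        "Sid": "DenyUnexpectedNetworks",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
        "Condition": condition,
    }

# Before: every endpoint ID has to be listed and kept current by hand.
LIST_POLICY = deny_statement(
    {"StringNotEquals": {"aws:SourceVpce": KNOWN_ENDPOINTS}})
# After: one organization ID covers endpoints owned by any member account.
ORG_POLICY = deny_statement(
    {"StringNotEquals": {"aws:VpceOrgID": ORG_ID}})

def denies(statement, context):
    """Return True if the Deny statement matches the request context.

    Simplified model of StringNotEquals only: a key is satisfied when it is
    absent from the context or its value matches none of the listed values;
    all keys must be satisfied for the Deny to apply.
    """
    for key, allowed in statement["Condition"]["StringNotEquals"].items():
        allowed = allowed if isinstance(allowed, list) else [allowed]
        if context.get(key) in allowed:
            return False
    return True

# Constructed request contexts.
KNOWN = {"aws:SourceVpce": "vpce-0aaa1111", "aws:VpceOrgID": ORG_ID}
NEW_IN_ORG = {"aws:SourceVpce": "vpce-0ccc3333", "aws:VpceOrgID": ORG_ID}
FOREIGN = {"aws:SourceVpce": "vpce-0ddd4444", "aws:VpceOrgID": "o-otherorg99"}
NO_ENDPOINT = {}  # request that did not traverse a VPC endpoint

if __name__ == "__main__":
    for name, ctx in [("known", KNOWN), ("new in org", NEW_IN_ORG),
                      ("foreign", FOREIGN), ("no endpoint", NO_ENDPOINT)]:
        print(f"{name:12} list-policy denies={denies(LIST_POLICY, ctx)} "
              f"org-policy denies={denies(ORG_POLICY, ctx)}")
```

The evaluator ignores everything a production perimeter policy also has to handle, such as exceptions for AWS service principals, so treat the statements as a starting shape and check which services populate the key before relying on it.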
Thanks for the diagram, really useful
Wonder how does it complement data sharing AWS Lake Formation?
Thanks for sharing Jeff!
Thanks for sharing Jeff! This is awesome, we’ve been waiting for VpceOrgId condition for quite some time.
Jeff Barr thanks for sharing
Thanks for sharing 🙏🙏
Great!