Using Lambda and “aws:PrincipalOrgID” to centrally manage AWS CloudWatch alarms at scale.

When AWS announced the introduction of the aws:PrincipalOrgID attribute in resource-based policies, it became a lot easier to secure cross-account access to resources within an AWS Organization. It also helped in making these resource policies low maintenance! A practical application is shown below where multiple users and roles from separate accounts within the same AWS …
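
As an added illustration of the condition key described above (not code from the original post, whose own example is cut off here): a Python check that flags resource-policy statements that allow a wildcard principal without limiting it to the expected organization. The organization IDs, the function ARN and all helper names are constructed placeholders.

```python
# Added example: audit a resource-based policy for aws:PrincipalOrgID scoping.
ORG_ID = "o-exampleorgid"  # constructed placeholder organization ID
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"  # hypothetical

def org_scoped_statement(sid, org_id, action="lambda:InvokeFunction", resource=FN_ARN):
    """Allow any principal, but only when it belongs to the given AWS Organization."""
    return {"Sid": sid, "Effect": "Allow", "Principal": "*",
            "Action": action, "Resource": resource,
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}}}

def _is_wildcard(principal):
    """True for Principal "*" and for {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def _org_ids(condition):
    """Values of aws:PrincipalOrgID under StringEquals (key names are case-insensitive)."""
    ids = []
    for key, value in (condition or {}).get("StringEquals", {}).items():
        if key.lower() == "aws:principalorgid":
            ids += [value] if isinstance(value, str) else list(value)
    return ids

def audit(policy, expected_org_id):
    """Return (sid, reason) for Allow statements open beyond the expected organization.
    Narrow on purpose: only the org condition is checked, NotPrincipal is ignored."""
    findings = []
    stmts = policy.get("Statement", [])
    for i, s in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        if s.get("Effect") != "Allow" or not _is_wildcard(s.get("Principal")):
            continue
        sid, ids = s.get("Sid", f"statement[{i}]"), _org_ids(s.get("Condition"))
        if not ids:
            findings.append((sid, "wildcard principal without aws:PrincipalOrgID"))
        elif any(v != expected_org_id for v in ids):
            findings.append((sid, "aws:PrincipalOrgID is not the expected organization"))
    return findings

SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Sid": "OpenToAll", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
    org_scoped_statement("OrgScoped", ORG_ID),
    org_scoped_statement("WrongOrg", "o-otherorg0001"),
]}

if __name__ == "__main__":
    for sid, reason in audit(SAMPLE_POLICY, ORG_ID):
        print(f"{sid}: {reason}")
```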