Add support for `aws:PrincipalOrgID`

Question

Add support for `aws:PrincipalOrgID`

Closed this issue 6 years ago · 1 comments

https://github.com/Netflix-Skunkworks/policyuniverse/blob/master/policyuniverse/statement.py#L140

The condition parsing logic should support Organizations in addition to the current fields:

      {
        "Resource": "arn:aws:s3:::somebucket/*",
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Condition": {
          "StringEquals": {
            "aws:PrincipalOrgID": "o-xxxxxxxxxx"
          }
        },
        "Principal": {
          "AWS": "*"
        }
      }

scriptsrc commented 6 years ago

Fixed.