Policy: AWS > Glacier > Trusted Organizations [Default]

List of AWS Organizations that are trusted for access in the AWS Glacier policy.

This policy is used by the Trusted Access control to determine which members of type "organization" are allowed to be granted access. You may use the '*' and '?' wildcard characters.

example: - "o-333333333" - "o-c3a5y4wd52"

Note: Trusted Access > Organization Restrictions are ONLY applied to AWS principals. Services and Federated principals do NOT contain the aws:PrincipalOrgId condition key, and thus cannot be validated against the Organization.

Setting the policy to Empty array will remove all organizations.

Resource Types

This policy targets the following resource types:

AWS > Account

Policy Specification

Schema Type	`array`
Default template	`{% if $.trustedOrganizations.value \| length == 0 %}[]{% else %}{% for item in $.trustedOrganizations.value %}- '{{ item }}' {% endfor %}{% endif %}`
Default template input	`\| { trustedOrganizations: policyValue(uri:"tmod:@turbot/aws#/policy/types/trustedOrganizations") { value } }`

Schema Type

array

Default template

{% if $.trustedOrganizations.value | length == 0 %}[]{% else %}{% for item in $.trustedOrganizations.value %}- '{{ item }}'
{% endfor %}{% endif %}

Default template input

|
  {
    trustedOrganizations: policyValue(uri:"tmod:@turbot/aws#/policy/types/trustedOrganizations") {
      value
    }
  }

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/securityTrustedAccess

Policy Type URI

tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations

GraphQL

query policyType(id: "tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-glacier#/policy/types/glacierPolicyTrustedOrganizations"