I want to grant publish access to an SNS topic to all root principals from my organization, similar to what's described in the AWS Blog here.
{
    "Sid": "AllowPublish",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
    },
    "Action": "sns:Publish",
    "Resource": "arn:aws:sns:eu-central-1:........",
    "Condition": {
        "StringEquals": {
            "aws:PrincipalOrgID": "o-xxxxxxxxxx"
        }
    }
}
The Principal field doesn't allow wildcards in the ARN, and if I wildcard it for everyone, it gives access to other principals from the accounts as well.
Is there a way to achieve this without explicitly specifying the principal of each account?
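Added example, not part of the original question: one way to express "every account root in my organization" in a resource policy is to wildcard the Principal (`"AWS": "*"`) and narrow it back with two conditions in the same statement, `aws:PrincipalOrgID` (so accounts outside the organization are excluded) and an `ArnLike` match on `aws:PrincipalArn` against `arn:aws:iam::*:root` (the wildcard in the account-id component is allowed there, unlike in the Principal element). Two caveats a practitioner should keep in mind: in a resource-based policy, naming `arn:aws:iam::123456789012:root` as the Principal delegates to the whole account, so any IAM identity in that account with matching identity permissions can publish; if the intent is to restrict to root-user credentials specifically, the `aws:PrincipalType` condition key with value `Account` does that. The script below builds the policy and includes a local approximation of IAM's ArnLike matching over constructed caller ARNs so the effect of the condition is visible offline; the topic ARN and organization ID are placeholders, and the evaluator only models the two condition keys used, not IAM's full policy engine.

```python
"""Added example (not the question author's code): an SNS topic policy that
grants sns:Publish to the root principal of every account in one AWS
Organization, plus a local approximation of the ArnLike condition so the
policy's effect can be inspected without calling AWS."""
import fnmatch
import json
from typing import Optional

# Placeholders (assumptions for this example, not values from the question).
TOPIC_ARN = "arn:aws:sns:eu-central-1:111122223333:example-topic"
ORG_ID = "o-exampleorgid"


def build_publish_policy(topic_arn: str, org_id: str) -> dict:
    """Resource policy: any caller ("*") may publish, but only when the caller
    belongs to org_id AND its principal ARN is an account root ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOrgRootPublish",
                "Effect": "Allow",
                "Principal": {"AWS": "*"},
                "Action": "sns:Publish",
                "Resource": topic_arn,
                "Condition": {
                    # Without this key, root principals of ANY AWS account
                    # would satisfy the ArnLike match below.
                    "StringEquals": {"aws:PrincipalOrgID": org_id},
                    # ArnLike permits '*' inside the account-id component;
                    # the Principal element itself does not.
                    "ArnLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"},
                },
            }
        ],
    }


def arn_like(pattern: str, arn: str) -> bool:
    """Local approximation of IAM's ArnLike: both strings are split into the
    six colon-delimited ARN components and '*' / '?' are matched within each
    component only, so a wildcard cannot span a ':' and match across fields.
    The authoritative evaluation happens in IAM; this only illustrates it."""
    p_parts = pattern.split(":", 5)
    a_parts = arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def evaluate_statement(stmt: dict, caller_arn: str, caller_org: Optional[str]) -> bool:
    """Apply only the two condition keys this example uses to a constructed
    caller. caller_org is None for a caller whose account is in no
    organization, in which case aws:PrincipalOrgID is absent and a
    StringEquals test on it fails."""
    cond = stmt.get("Condition", {})
    for key, value in cond.get("StringEquals", {}).items():
        if key == "aws:PrincipalOrgID" and caller_org != value:
            return False
    for key, value in cond.get("ArnLike", {}).items():
        if key == "aws:PrincipalArn" and not arn_like(value, caller_arn):
            return False
    return True


if __name__ == "__main__":
    policy = build_publish_policy(TOPIC_ARN, ORG_ID)
    stmt = policy["Statement"][0]
    # Constructed callers: (principal ARN, organization the account belongs to)
    callers = [
        ("arn:aws:iam::111122223333:root", ORG_ID),                    # member root: allowed
        ("arn:aws:iam::444455556666:root", ORG_ID),                    # another member root: allowed
        ("arn:aws:iam::111122223333:user/alice", ORG_ID),              # IAM user: denied
        ("arn:aws:sts::111122223333:assumed-role/Deployer/s1", ORG_ID),  # role session: denied
        ("arn:aws:iam::999999999999:root", "o-otherorg"),              # root, other org: denied
        ("arn:aws:iam::999999999999:root", None),                      # root, no org: denied
    ]
    for arn, org in callers:
        print(f"{'ALLOW' if evaluate_statement(stmt, arn, org) else 'DENY ':5} {arn}")
    # Emit the policy document so it can be saved and applied to the topic.
    print(json.dumps(policy, indent=2))
```

Running the script prints the allow/deny verdict for each constructed caller and then the policy document; redirecting the JSON to a file lets you apply it with `aws sns set-topic-attributes --topic-arn <arn> --attribute-name Policy --attribute-value file://policy.json`.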