Can I grant lambda access to other accounts using Organization Unit IDs?

I want to create a lambda that will exist in one central account and that will get invoked by other accounts within my Organization. I know it is possible to grant access for another individual account to invoke a lambda using a resource policy, but can I grant access to all accounts in my Organization using Organization Unit IDs somehow? If so, how?

Ideally I want to make it so as new accounts get added in my Organization they will automatically have access to invoke the lambda without requiring me to update the policy and grant them access via the individual account ID.



Solution 1:[1]

In the Principal part of the resource policy, you can only provide AWS accounts, users, roles, etc., but no organizational units. However, there is a condition called aws:PrincipalOrgPaths which I think can help you achieve what you want.
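
As an added example (not part of the original answer), here is a Python snippet that builds a Lambda resource policy carrying that condition and checks which callers it admits. The org, root and OU identifiers and the function ARN are made-up placeholders, and `iam_string_like` / `condition_allows` are a local stand-in for IAM's own StringLike evaluation, written here only to show how the org-path wildcard behaves.

```python
import json
import re

# Constructed placeholder identifiers (not real AWS IDs).
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:central-fn"
ORG_ID = "o-a1b2c3d4e5"
ROOT_ID = "r-ab12"
OU_ID = "ou-ab12-11111111"

# aws:PrincipalOrgPaths values look like "o-.../r-.../ou-.../ou-.../" and always
# end in "/", so the pattern needs a trailing "/*" to cover the OU itself and
# every OU nested below it.
OU_PATH_PATTERN = f"{ORG_ID}/{ROOT_ID}/{OU_ID}/*"


def build_invoke_policy(function_arn: str, org_path_patterns: list) -> dict:
    """Resource-based policy that lets any principal whose org path matches one
    of the patterns invoke the function. The Principal has to be "*" here; the
    OU restriction lives entirely in the condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowInvokeFromOrgUnit",
                "Effect": "Allow",
                "Principal": {"AWS": "*"},
                "Action": "lambda:InvokeFunction",
                "Resource": function_arn,
                # aws:PrincipalOrgPaths is a multivalued key, hence ForAnyValue.
                "Condition": {
                    "ForAnyValue:StringLike": {"aws:PrincipalOrgPaths": list(org_path_patterns)}
                },
            }
        ],
    }


def iam_string_like(pattern: str, value: str) -> bool:
    """Local stand-in for IAM StringLike: '*' matches any run of characters
    (including '/'), '?' matches exactly one, everything else is literal and
    case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def condition_allows(policy: dict, caller_org_paths: list) -> bool:
    """Evaluate the ForAnyValue:StringLike condition of each Allow statement
    against the caller's aws:PrincipalOrgPaths values."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        patterns = stmt["Condition"]["ForAnyValue:StringLike"]["aws:PrincipalOrgPaths"]
        if any(iam_string_like(p, v) for p in patterns for v in caller_org_paths):
            return True
    return False


POLICY = build_invoke_policy(FUNCTION_ARN, [OU_PATH_PATTERN])

# Constructed callers: the first two are inside the OU (directly, or in a child
# OU) and should be admitted; the rest are outside it and should be refused.
CALLER_IN_OU = f"{ORG_ID}/{ROOT_ID}/{OU_ID}/"
CALLER_IN_CHILD_OU = f"{ORG_ID}/{ROOT_ID}/{OU_ID}/ou-ab12-22222222/"
CALLER_IN_SIBLING_OU = f"{ORG_ID}/{ROOT_ID}/ou-ab12-33333333/"
CALLER_AT_ROOT = f"{ORG_ID}/{ROOT_ID}/"
CALLER_OTHER_ORG = f"o-zzzzzzzzzz/r-zz99/{OU_ID}/"

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for path in (CALLER_IN_OU, CALLER_IN_CHILD_OU, CALLER_IN_SIBLING_OU,
                 CALLER_AT_ROOT, CALLER_OTHER_ORG):
        verdict = "allow" if condition_allows(POLICY, [path]) else "deny"
        print(f"{path:60} -> {verdict}")
```

Two things to check before relying on this. The path values end in "/", so a pattern written without the trailing "/*" (for example "o-.../r-.../ou-ab12-11111111") matches nothing at all, and a pattern with it also admits every OU nested under that OU, which is usually what you want for "new accounts get access automatically" but is worth knowing. Also confirm that whatever tool writes the function policy can express the condition: Lambda's AddPermission API (aws lambda add-permission) only takes a fixed set of conditions, with a --principal-org-id parameter for aws:PrincipalOrgID (which covers the "every account in my Organization" case) but no parameter for aws:PrincipalOrgPaths, so an OU-scoped statement may not be something you can attach to a function policy at all.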

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 stijndepestel