kms: 阻止组织外使用KMS
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"kms:*"
],
"Resource": "*",
"Condition": {
"StringNotEqualsIfExists": {
"aws:PrincipalOrgID": "<o-xxxxxxx>"
}
}
}
]
}最后更新于