AWS Account Management (account)

2021-10-02

3 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • DeleteAlternateContact
    • Description:  Grants permission to delete the alternate contacts for an account
    • Access:  Write
    • Resources: 

      Name: account

      Required: No

      Name: accountInOrganization

      Required: No

  • GetAlternateContact
    • Description:  Grants permission to retrieve the alternate contacts for an account
    • Access:  Read
    • Resources: 

      Name: account

      Required: No

      Name: accountInOrganization

      Required: No

  • PutAlternateContact
    • Description:  Grants permission to modify the alternate contacts for an account
    • Access:  Write
    • Resources: 

      Name: account

      Required: No

      Name: accountInOrganization

      Required: No

    Resources
  • account
    • Arn:  arn:${Partition}:account::${Account}:account
  • accountInOrganization
    • Arn:  arn:${Partition}:account::${ManagementAccountId}:account/o-${OrganizationId}/${MemberAccountId}
    Conditions
  • account:AccountResourceOrgPaths
    • Description:  Filters access by the resource path for an account in an organization
    • Type:  ArrayOfString
  • account:AccountResourceOrgTags/${TagKey}
    • Description:  Filters access by resource tags for an account in an organization
    • Type:  ArrayOfString
  • account:AlternateContactTypes
    • Description:  Filters access by alternate contact types
    • Type:  ArrayOfString