AWS Global Condition Keys

[jsoncow]

I know SNS has aws:SourceOwner as an available key for SNS. However, I don’t see this in any AWS documentation (For SNS keys or global keys). This is in the default SNS access policy applied to topics.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys

[stephswo]

Thanks! I wasn't aware of this one. I'll look into it.

[tamakisquare]

@stephswo Any plan to add a formal definition for aws:SourceOwner to the documentation?

[stephswo]

I’ll check with the service team and see if that’s something the team wants to publish. Stephenie Swope Senior Technical Writer and Manager, AWS Identity From: tamakisquare <notifications@github.com> Reply-To: awsdocs/iam-user-guide <reply@reply.github.com> Date: Thursday, October 22, 2020 at 8:38 AM To: awsdocs/iam-user-guide <iam-user-guide@noreply.github.com> Cc: "Swope, Stephenie" <stephswo@amazon.com>, Mention <mention@noreply.github.com> Subject: Re: [awsdocs/iam-user-guide] AWS Global Condition Keys (#111) @stephswo<https://github.com/stephswo> Any plan to add a formal definition for aws:SourceOwner to the documentation? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#111 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AHYC737A24QV5KVA3NVKKELSMBGYRANCNFSM4HB4VLJA>.

[ecerulm]

@stephswo , still aws:SourceOwner is not documented at https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys, has it been decided that it's not going to be documented there? If so ,then maybe it would be good to say so here and close the issue.

[bonniekeller]

Thanks so much for the contributions. We don't plan to document aws:SourceOwner. aws:SourceAccount was introduced as the preferred replacement.

[iugrina]

@bonniekeller The default policy created by AWS when creating a new topic through the Web Console includes "AWS:SourceOwner" so I'm not sure if you need to change that since "aws:SourceAccount was introduced as the preferred replacement.". IMHO this is a bit suboptimal for those trying to understand access policies for topics :(

[bonniekeller]

@iugrina I've passed your feedback along to the SNS team. My understanding is that they supported aws:SourceOwner before aws:SourceAccount was introduced.