AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). You can use a new condition key, aws:PrincipalOrgID, in your permissions policy to require that all IAM principals (users and roles) accessing your resources be from an account in your organization.
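As an added illustration (not part of the original announcement), here is a resource-based policy for an S3 bucket that uses aws:PrincipalOrgID to allow object reads only to principals whose account belongs to one organization. The bucket name amzn-s3-demo-bucket and the organization ID o-exampleorgid are placeholders, and the Sid text is only a label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGetObjectFromOrgPrincipalsOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
```

Because Principal is "*", the Condition block is the only thing restricting who matches this statement; without it, the statement would grant the read to anyone. When reviewing such a policy, confirm that the condition is present and that the organization ID is your own.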