Organizations-related condition keys for IAM policies now available in AWS China Regions

AWS Identity and Access Management (IAM) now supports refining permissions policies based on the [AWS Organizations](/organizations/) organizational unit (OU) or organization ID of the principal making a request, or of the resource being accessed, in the AWS China (Beijing) Region, operated by Sinnet, and the AWS China (Ningxia) Region, operated by NWCD. With these capabilities, you can author IAM policies that allow your principals to access only resources inside specific OUs or organizations. The capabilities take the form of four condition keys in the IAM policy language: aws:PrincipalOrgID, aws:PrincipalOrgPaths, aws:ResourceOrgID, and aws:ResourceOrgPaths. The keys are supported across a wide variety of services and actions, so you can apply the same kind of control to different use cases. For example, consider an [Amazon Simple Storage Service (Amazon S3) bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) for which you want to restrict access to principals belonging to AWS accounts inside your organization. You can now use the aws:PrincipalOrgID condition key in the policy's condition element and set its value to your [organization ID](https://docs.aws.amazon.com/organizations/latest/userguide/orgs%5Fmanage%5Forg%5Fdetails.html). For more information about the condition keys, see the [IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference%5Fpolicies%5Fcondition-keys.html).
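As an added example (not part of the announcement or AWS documentation), the following bucket policy denies every principal outside the organization with aws:PrincipalOrgID and grants read access only to principals under one OU with aws:PrincipalOrgPaths. The organization ID, root ID, OU ID and bucket name are placeholders (JSON policies cannot carry comments, so they are marked by their `example` names), and the resource ARNs use the `aws-cn` partition that the China Regions require:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPrincipalsOutsideOrganization",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws-cn:s3:::example-bucket",
        "arn:aws-cn:s3:::example-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    },
    {
      "Sid": "AllowReadFromOneOrganizationalUnit",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws-cn:s3:::example-bucket",
        "arn:aws-cn:s3:::example-bucket/*"
      ],
      "Condition": {
        "ForAnyValue:StringLike": {
          "aws:PrincipalOrgPaths": [
            "o-exampleorgid/r-exampleroot/ou-exampleou/*"
          ]
        }
      }
    }
  ]
}
```

Because aws:PrincipalOrgID is absent for anonymous requests, the StringNotEquals deny also rejects unauthenticated access, and aws:PrincipalOrgPaths is multivalued, which is why the OU match uses the ForAnyValue set operator; principals in other accounts still need a matching identity-based policy of their own.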