Restricting access to a specific Amazon WorkDocs instance

If you have multiple Amazon WorkDocs sites on an AWS account and you want to grant API access to a specific site, you can define a Condition element. The Condition element lets you specify conditions for when a policy is in effect.

The following example shows a condition element:


    "Condition": 
    {
                "StringEquals": {
                    "Resource.OrganizationId": "d-123456789c5"
                }
    }

With the above condition in place in a policy, users can only access the Amazon WorkDocs instance with the ID of d-123456789c5. Amazon WorkDocs Instance ID is sometimes referred as Organization ID or Directory ID. For more information, see Restricting access to a specific Amazon WorkDocs instance.

Follow these steps to obtain a Amazon WorkDocs organization ID from the AWS console:

To get an organization ID

In the AWS Directory Service console navigation pane, choose Directories.
Note the Directory ID value that corresponds to your Amazon WorkDocs site. That is the Organization ID for the site.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Granting users permission to assume an IAM role

Authentication and access control for user applications