List all active AWS IAM Access Analyzer external access findings with the organization as the zone of trust. You can use this query to accelerate implementation of identity perimeter controls on your resources. You can use the global condition key aws:PrincipalOrgID to limit access to your resources to principals belonging to your AWS organization.
This query extracts all AWS Security Hub findings tied to IAM Access Analyzer external access findings with the organization as the zone of trust. Note that (1) IAM Access Analyzer external access findings that fail with an error are not sent to Security Hub, and (2) an IAM Access Analyzer external access finding in Security Hub contains only one external principal, even if the resource-based policy allows multiple principals. You can use this query to accelerate implementation of identity perimeter controls on your resources. You can use the global condition key aws:PrincipalOrgID to limit access to your resources to principals belonging to your AWS organization.
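
Because a finding names only one external principal, it helps to review the whole resource-based policy behind it. The following is an added example, not the query this page describes: a small Python check that lists the Allow statements in a policy that are not limited to one organization by aws:PrincipalOrgID. The function names, bucket name, account ID and organization IDs are constructed placeholders, and the check assumes the restriction is written as a StringEquals condition on the Allow statement itself (it does not evaluate Deny-based perimeters).

```python
import json

ORG_KEY = "aws:principalorgid"  # IAM condition key names are not case-sensitive

def _as_list(value):
    """IAM accepts either a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]

def _has_aws_principal(stmt):
    """True when the statement grants to "*" or to AWS account/role/user principals."""
    principal = stmt.get("Principal")
    return principal == "*" or (isinstance(principal, dict) and "AWS" in principal)

def _limited_to_org(stmt, org_id):
    """True when a StringEquals condition pins aws:PrincipalOrgID to org_id only."""
    for key, value in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == ORG_KEY and _as_list(value) == [org_id]:
            return True
    return False

def statements_outside_org(policy, org_id):
    """Return the Sid (or index) of each Allow statement not limited to org_id."""
    flagged = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        # Service-principal-only and Deny statements are out of scope for this check.
        if stmt.get("Effect") != "Allow" or not _has_aws_principal(stmt):
            continue
        if not _limited_to_org(stmt, org_id):
            flagged.append(stmt.get("Sid", f"#{i}"))
    return flagged

# Constructed sample policy; every identifier in it is a placeholder.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "OrgRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
  {"Sid": "PartnerWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringEquals": {"aws:principalorgid": ["o-exampleorgid", "o-otherorgid00"]}}},
  {"Sid": "LogDelivery", "Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/AWSLogs/*"}
]}
""")

if __name__ == "__main__":
    print(statements_outside_org(SAMPLE_POLICY, "o-exampleorgid"))
```

PartnerWrite is flagged even though it carries the condition key, because its value list also admits a second organization.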