config:PutOrganizationConfigRule is a Write access-level action in the config service. Grants permission to add or update organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations
ARNs that config:PutOrganizationConfigRule can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants config:PutOrganizationConfigRule.
Filters access by tag-value associated with the resource
To use config:PutOrganizationConfigRule you may also need to grant:
A minimal policy that allows config:PutOrganizationConfigRule. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowConfigPutOrganizationConfigRule",
"Effect": "Allow",
"Action": "config:PutOrganizationConfigRule",
"Resource": "*"
}
]
}