0
votes

I want to create a lambda that will exist in one central account and that will get invoked by other accounts within my Organization. I know it is possible to grant access for another individual account to invoke a lambda using a resource policy, but can I grant access to all accounts in my Organization using Organization Unit IDs somehow? If so, how?

Ideally I want to make it so as new accounts get added in my Organization they will automatically have access to invoke the lambda without requiring me to update the policy and grant them access via the individual account ID.


1 Answer

0
votes

In the Principal part of the resource policy, you can only provide AWS accounts, users, roles, etc., but no organizational units. However, there is a condition called aws:PrincipalOrgPaths which I think can help you achieve what you want.
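The shape of the policy statement the answer above is pointing at, as an added example that is not part of the original question or answer. It builds a resource-based policy statement whose Principal is `*` (since an OU cannot be named as a principal) and whose `ForAnyValue:StringLike` condition on `aws:PrincipalOrgPaths` restricts invocation to accounts under one OU, including nested OUs; it also builds the whole-Organization variant using `aws:PrincipalOrgID`, which is the case the question actually asks for. A small matcher evaluates the path condition the way IAM does for a multivalued key so you can see which callers would be admitted. All organization, root, OU and account identifiers are constructed for illustration.

```python
"""Added example (not code from the original post).

Builds Lambda resource-policy statements scoped by AWS Organizations
condition keys and checks which constructed caller paths they admit.
Every ID and ARN below is made up for illustration.
"""
import fnmatch
import json

# Constructed identifiers, not real ones.
ORG_ID = "o-a1b2c3d4e5"
ROOT_ID = "r-ab12"
OU_ID = "ou-ab12-11111111"  # the OU whose member accounts may invoke
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111111111111:function:shared-tool"


def org_path_pattern(org_id, root_id, ou_ids):
    """Pattern for 'this OU and everything nested under it'.

    aws:PrincipalOrgPaths values look like <org>/<root>/<ou>/<child-ou>/...
    with a trailing slash, so '<org>/<root>/<ou>/*' matches accounts placed
    directly in the OU (the '*' matches the empty remainder) and accounts in
    any OU nested beneath it.
    """
    return "/".join([org_id, root_id, *ou_ids]) + "/*"


def invoke_statement_for_ou(function_arn, path_pattern, sid="AllowOuInvoke"):
    """Allow lambda:InvokeFunction to principals under an OU path.

    Principal must be '*' because an OU cannot be a principal; the condition
    is what narrows the grant. aws:PrincipalOrgPaths is multivalued, so the
    ForAnyValue set operator is required.
    """
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": "*",
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {
            "ForAnyValue:StringLike": {"aws:PrincipalOrgPaths": [path_pattern]}
        },
    }


def invoke_statement_for_org(function_arn, org_id, sid="AllowOrgInvoke"):
    """Allow every account in the Organization, present and future.

    aws:PrincipalOrgID is single-valued, so a plain StringEquals is used.
    """
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": "*",
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
    }


def policy_document(*statements):
    """Wrap statements in a policy document and return it as JSON text."""
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)}, indent=2)


def ou_statement_admits(statement, caller_org_path):
    """Evaluate ForAnyValue:StringLike on aws:PrincipalOrgPaths.

    IAM StringLike supports '*' and '?' wildcards, which fnmatchcase also
    understands; org paths contain no '[' so no bracket escaping is needed.
    The caller is admitted if any listed pattern matches its path.
    """
    patterns = statement["Condition"]["ForAnyValue:StringLike"]["aws:PrincipalOrgPaths"]
    return any(fnmatch.fnmatchcase(caller_org_path, p) for p in patterns)


def org_statement_admits(statement, caller_org_id):
    """Evaluate StringEquals on aws:PrincipalOrgID."""
    return statement["Condition"]["StringEquals"]["aws:PrincipalOrgID"] == caller_org_id


if __name__ == "__main__":
    ou_stmt = invoke_statement_for_ou(FUNCTION_ARN, org_path_pattern(ORG_ID, ROOT_ID, [OU_ID]))
    print(policy_document(ou_stmt, invoke_statement_for_org(FUNCTION_ARN, ORG_ID)))
    # Constructed caller paths: directly in the OU, in a nested OU, and at the root.
    for path in (f"{ORG_ID}/{ROOT_ID}/{OU_ID}/",
                 f"{ORG_ID}/{ROOT_ID}/{OU_ID}/ou-ab12-22222222/",
                 f"{ORG_ID}/{ROOT_ID}/"):
        print(path, "->", "allowed" if ou_statement_admits(ou_stmt, path) else "denied")
```

Two practical caveats when applying this to a Lambda function. Lambda resource policies are written through the AddPermission API rather than by uploading a document, and `aws lambda add-permission` has a `--principal-org-id` flag that emits the `aws:PrincipalOrgID` condition for you (`--principal '*' --principal-org-id o-...`), which is the simplest way to cover every current and future account in the Organization. Also, `Principal: "*"` with a condition still means any principal satisfying the condition, so check the rendered policy with `aws lambda get-policy` before relying on it.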