I'm a sysadmin of a medium-sized chain of Italian restaurants. While I'm not dealing with patient health records or financial information, I am still security focused.
I'm trying to achieve tenant restrictions for Amazon AWS, similar to what I do for Outlook. I do not want users to log in to personal AWS accounts, only the organization one (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions).
For S3 buckets themselves I can limit PUTs and POSTs to them to prevent uploads on non-approved buckets. I want to prevent users from logging into a personal AWS account on the web console and uploading from there.
I'm using a proxy-based solution for a SWG and can apply headers as needed.
Does some kind of header exist that I can shove into my S3 requests (or auth requests to AWS) that prevents people from logging in with personal accounts similar to what O365 provides?
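The bucket allowlisting for PUTs and POSTs mentioned in the question, sketched as an added example that is not part of the original post: it extracts the target bucket from both virtual-hosted-style and path-style S3 URLs and fails closed on writes to anything unlisted. The bucket names, the function names and the assumption that the proxy sees the decrypted method and URL are all illustrative, and the rule does not address console logins.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with the organization's buckets.
APPROVED_BUCKETS = {"example-corp-menus", "example-corp-backups"}
WRITE_METHODS = {"PUT", "POST"}

# Common public S3 endpoint forms only:
#   virtual-hosted: <bucket>.s3.amazonaws.com, <bucket>.s3.<region>.amazonaws.com,
#                   <bucket>.s3-<region>.amazonaws.com, ...s3.dualstack.<region>...
#   path-style:     s3.amazonaws.com/<bucket>/key, s3.<region>.amazonaws.com/<bucket>/key
# Other endpoint families (access points, website endpoints, other partitions)
# are not covered and would need their own patterns.
_S3_HOST = re.compile(
    r"^(?:(?P<bucket>.+)\.)?s3(?:[.-](?:dualstack\.)?[a-z0-9-]+)?\.amazonaws\.com$"
)


def s3_target(url):
    """Return (is_s3, bucket) for a request URL; bucket is None if none is named."""
    parts = urlsplit(url)
    match = _S3_HOST.match(parts.hostname or "")
    if match is None:
        return False, None
    # Virtual-hosted style carries the bucket in the host name,
    # path style carries it as the first path segment.
    bucket = match.group("bucket") or parts.path.lstrip("/").split("/", 1)[0]
    return True, bucket or None


def decide(method, url):
    """Return 'allow' or 'block' for one proxied request."""
    is_s3, bucket = s3_target(url)
    if not is_s3 or method.upper() not in WRITE_METHODS:
        return "allow"  # outside the scope of this rule
    # Fail closed: an S3 write with an unknown or missing bucket is blocked.
    return "allow" if bucket in APPROVED_BUCKETS else "block"


if __name__ == "__main__":
    # Constructed sample requests.
    for method, url in [
        ("PUT", "https://example-corp-menus.s3.eu-south-1.amazonaws.com/menu.pdf"),
        ("PUT", "https://personal-bucket.s3.amazonaws.com/export.zip"),
        ("POST", "https://s3.us-east-1.amazonaws.com/personal-bucket/export.zip"),
    ]:
        print(decide(method, url), method, url)
```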