You're correct! StringNotEquals does indeed work as expected for your scenario, and ForAllValues serves a different purpose as you mentioned.

If sourceVpc is "vpc-111bbccc", the condition StringNotEquals with the provided array will return false.

StringNotEquals: This condition checks if the value of aws:sourceVpc is not equal to any of the values within the specified array. Array Values: The array contains "vpc-111bbccc" and "vpc-111bbddd". sourceVpc Value: In this case, sourceVpc is explicitly "vpc-111bbccc". Since the value of sourceVpc matches the first value in the array, the StringNotEquals condition evaluates to false.

I'd suggest considering updating the "Verified Answer" to reflect this accurate explanation to avoid any potential confusion for other users.