AWS: Denies access to AWS based on the requested Region
Revision as of 14:42, 19 February 2024 by Welcome (→Example for 1 region without NotAction)
Official AWS policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllOutsideRequestedRegions",
      "Effect": "Deny",
      "NotAction": [
        "cloudfront:*",
        "iam:*",
        "route53:*",
        "support:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "eu-central-1",
            "eu-west-1",
            "eu-west-2",
            "eu-west-3"
          ]
        }
      }
    }
  ]
}
Example for 1 region using Action instead of NotAction
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllOutsideRequestedRegions",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "us-east-1"
          ]
        }
      }
    }
  ]
}
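The two Deny statements above, evaluated against a few requests. This is an added example, not AWS's or this wiki's code: the evaluator is a simplified model of one Deny statement, and the sample requests and the `EU_ACTION_STAR` variant are constructed. It assumes that calls to global services such as IAM carry `us-east-1` as `aws:RequestedRegion`, which is why the EU policy exempts them with NotAction while the us-east-1 policy can use `"Action": "*"`.

```python
from fnmatch import fnmatchcase

EU = ["eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3"]
# Statements from the two policies on this page (Sid and Resource omitted).
OFFICIAL = {"Effect": "Deny",
            "NotAction": ["cloudfront:*", "iam:*", "route53:*", "support:*"],
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": EU}}}
SINGLE = {"Effect": "Deny", "Action": "*",
          "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["us-east-1"]}}}
# Constructed variant, not on the page: the EU list without the NotAction exemption.
EU_ACTION_STAR = {"Effect": "Deny", "Action": "*",
                  "Condition": {"StringNotEquals": {"aws:RequestedRegion": EU}}}

# Constructed sample requests: (action, value of aws:RequestedRegion).
REQUESTS = [
    ("ec2:RunInstances", "eu-west-1"),
    ("ec2:RunInstances", "us-east-1"),
    ("iam:CreateRole", "us-east-1"),   # assumption: IAM's endpoint is in us-east-1
    ("s3:PutObject", "ap-southeast-2"),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # Action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def statement_denies(stmt, action, region):
    """True if the Deny statement applies. False only means 'not denied by
    this statement'; access still requires an Allow elsewhere."""
    if "NotAction" in stmt:
        in_scope = not _matches(action, stmt["NotAction"])
    else:
        in_scope = _matches(action, stmt["Action"])
    allowed = _as_list(stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"])
    # StringNotEquals with several values holds only if the key equals none of them.
    return in_scope and region not in allowed

def evaluate(stmt):
    return {req: statement_denies(stmt, *req) for req in REQUESTS}

if __name__ == "__main__":
    for name, stmt in (("official", OFFICIAL), ("single-region", SINGLE),
                       ("eu-action-star", EU_ACTION_STAR)):
        for (action, region), denied in evaluate(stmt).items():
            print(f"{name:15} {action:17} {region:15} {'DENY' if denied else '-'}")
```
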
See also
- Terraform resource: aws_iam_policy, AmazonECSTaskExecutionRolePolicy
- AWS policies: managed policies, Job functions, AWS trust policy, AWS Service Control Policy (SCP), Resource-based policies, Identity-based policies, "Resource":, Job function, AWS Policy Generator, s3:, lambda:, cloudwatch:, AWSSecretsManagerReadWriteAccess
- Amazon regions, Cross-region, Global View, aws account disable-region