david
Reputation: 1
block user to provision resources not in standard region (AWS)
I want to know any possibility to avoid users to provision any resources in all AWS regions, except one for example ap-southeast-1.
I want nobody can provision any resources in all the AWS regions, only one region which is ap-southeast-1.
Thanks
Upvotes: 0
Views: 197
Answers (1)
Atul Sharma
Reputation: 10645
Yes, you can create an IAM policy and attach it to users whose regions you want to restrict.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": [
"ap-southeast-1"
]
}
}
}]
}
This policy will restrict access to ap-southeast-1 only.
Upvotes: 2
Related Questions
- restrict aws iam user to a specific region (eu-west-1)
- Hide regions not available to AWS IAM user
- IAM users to restrict creating instances in a region
- Restricting access to AWS resources to one specific region
- AWS policy to restrict all resources creation in one region and readonly in other regions
- AWS resources hide/disable for IAM users
- AWS IAM Role Policy Resource Restriction
- Restrict s3 bucket access to specific regions
- Aws IAM user permission to specific region and to a particular server