Reputation: 3715
I want to create an IAM group and attach a policy so that any users who will be added to that group can only launch resources in ap-south region. How do I create such a policy?
Upvotes: 1
Views: 121
Reputation: 270224
There is no 'user-level setting' to restrict usage to a region.
Instead, any existing permissions that are being granted to the user need to be modified to specifically limit those permissions to the region.
If you have any existing policies that grant the user permission to launch resources, you will need to change those policies to include a condition such as:
    "Condition": {
        "StringEquals": {
            "aws:RequestedRegion": "eu-central-1"
        }
    }
See: Easier way to control access to AWS regions using IAM policies | AWS Security Blog
Upvotes: 2
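One way to apply the condition from the answer above to every Allow statement of an existing policy document, as an added example that is not part of the original answer. The function name `restrict_to_region`, the sample policy and the region `ap-south-1` (assumed to be what the question means by ap-south) are assumptions.

```python
import copy
import json

REGION_KEY = "aws:RequestedRegion"

def restrict_to_region(policy, region):
    """Return a copy of policy whose Allow statements apply only in region."""
    out = copy.deepcopy(policy)
    stmts = out.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement object is valid
        stmts = out["Statement"] = [stmts]
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue                     # a condition on a Deny would narrow the deny
        equals = stmt.setdefault("Condition", {}).setdefault("StringEquals", {})
        # Condition key names are case-insensitive, so look for any spelling.
        for key in [k for k in equals if k.lower() == REGION_KEY.lower()]:
            current = equals.pop(key)
            current = [current] if isinstance(current, str) else current
            if region not in current:
                raise ValueError(f"{stmt.get('Sid', '?')} is limited to {current}")
        equals[REGION_KEY] = region      # ANDed with the statement's other conditions
    return out

# Constructed sample policy (not from the original post).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LaunchInstances", "Effect": "Allow",
         "Action": "ec2:RunInstances", "Resource": "*",
         "Condition": {"StringEquals": {"aws:PrincipalTag/team": "platform"}}},
        {"Sid": "CreateDatabases", "Effect": "Allow",
         "Action": "rds:CreateDBInstance", "Resource": "*"},
        {"Sid": "NoTermination", "Effect": "Deny",
         "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(restrict_to_region(SAMPLE_POLICY, "ap-south-1"), indent=2))
```

Statements that grant access to global services such as IAM should be reviewed separately, because those requests are served from a single endpoint in `us-east-1` and would not match a different region value.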