zilcuanu

Reputation: 3715

IAM users to restrict creating instances in a region

I want to create an IAM group and attach a policy so that any users who are added to that group can only launch resources in the ap-south region. How do I create such a policy?

Upvotes: 1

Views: 121

Answers (1)

John Rotenstein

Reputation: 270224

There is no 'user-level setting' to restrict usage to a region.

Instead, any existing permissions that are being granted to the user need to be modified to specifically limit those permissions to the region.

If you have any existing policies that grant the user permission to launch resources, you will need to change those policies to include a condition such as:

            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": "eu-central-1"
                }
            }

See: Easier way to control access to AWS regions using IAM policies | AWS Security Blog

Upvotes: 2
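
Added example, not part of the answer above: one way to apply the condition from the answer to every `Allow` statement of an existing policy document while keeping any conditions already present. The function name `restrict_to_region`, the sample policy and the region code `ap-south-1` (assumed to be what the question means by "ap-south") are assumptions made for illustration.

```python
import copy

REGION_KEY = "aws:RequestedRegion"


def restrict_to_region(policy, region):
    """Return a copy of policy whose Allow statements only match `region`."""
    restricted = copy.deepcopy(policy)
    statements = restricted["Statement"]
    if isinstance(statements, dict):  # a single statement object is also valid
        statements = restricted["Statement"] = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing, so they are left as they are
        string_equals = stmt.setdefault("Condition", {}).setdefault("StringEquals", {})
        existing = string_equals.get(REGION_KEY)
        if existing is not None:
            allowed = [existing] if isinstance(existing, str) else existing
            if region not in allowed:
                # Narrowing would leave no region the statement can match.
                raise ValueError(f"statement is already limited to {allowed}")
        string_equals[REGION_KEY] = region
    return restricted


# Constructed sample policy (not taken from the question).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:RunInstances", "ec2:DescribeInstances"],
            "Resource": "*",
            "Condition": {"StringEquals": {"ec2:InstanceType": "t3.micro"}},
        },
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(restrict_to_region(SAMPLE_POLICY, "ap-south-1"), indent=2))
```

Global services such as IAM are served from a single endpoint in us-east-1, so `Allow` statements for them stop matching once this condition is added and need their own statement without it.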
