zilcuanu
Reputation: 3715
IAM users to restrict creating instances in a region
I want to create a IAM group and attach a policy so that any users who will be added to that group can only launch resources in ap-south region. How to create such a policy.
Upvotes: 1
Views: 121
Answers (1)
John Rotenstein
Reputation: 270224
There is no 'user-level setting' to restrict usage to a region.
Instead, any existing permissions that are being granted to the user need to be modified to specifically limit those permissions to the region.
If you have any existing policies that grant the user permission to launch resources, you will need to change those policies to include a condition such as:
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "eu-central-1"
}
}
See: Easier way to control access to AWS regions using IAM policies | AWS Security Blog
Upvotes: 2
Related Questions
- restrict aws iam user to a specific region (eu-west-1)
- Hide regions not available to AWS IAM user
- Restricting access to AWS resources to one specific region
- block user to provision resources not in standard region (AWS)
- AWS policy to restrict all resources creation in one region and readonly in other regions
- Limiting Instance Type and Request Region in AWS
- AWS Amazon IAM user Policy to access ONLY one EC2 instance on EU-WEST-1 region
- Aws IAM user permission to specific region and to a particular server
- AWS IAM Permissions for EC2 – Controlling Access on Specific Instances with particular region
- IAM allowing a user to access everything for ec2 on a region