Restrict Request Source to Cornell Campus IPs

Here's a simple IAM policy that you can add to any existing IAM Group, User, or Role to ensure that the identity can only be used from a computer that has a Cornell public IP address. Because it is an explicit Deny on every action, it overrides any Allow attached elsewhere. Note that aws:SourceIp is absent for requests that arrive through a VPC endpoint and for calls that AWS services (for example CloudFormation) make on your behalf, so the NotIpAddress condition matches those requests and the Deny applies to them too.

...

Code Block
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "NotIpAddress": {
                "aws:SourceIp": [
                    "128.84.0.0/16",
                    "128.253.0.0/16",
                    "132.236.0.0/16",
                    "192.35.82.0/24",
                    "192.122.235.0/24",
                    "192.122.236.0/24"
                ]
            }
        }
    }
}

Restrict Scope of EC2 to One AWS Region

Add this policy to a managed policy, user, role, or group to restrict the scope of EC2 activity to just the us-east-1 AWS region. Only ec2:* actions are affected; calls to other services are not matched by this statement.

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Condition": {
                "StringNotEquals": {
                    "ec2:Region": "us-east-1"
                }
            },
            "Action": "ec2:*",
            "Resource": "*",
            "Effect": "Deny"
        }
    ]
}
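To see how the two Deny statements above combine on a given call, here is an added example (not part of the original page) that evaluates them offline with a simplified model of IAM condition matching: case-insensitive wildcard actions, CIDR membership for NotIpAddress, and negated operators matching when the key is absent from the request context. The request values are constructed for illustration.

```python
"""Offline check of the two Deny policies above (added example): given a
request's source IP, action and ec2:Region, report whether either Deny
statement would match. Simplified model of IAM evaluation, not the real engine."""
import fnmatch
import ipaddress

# Cornell campus ranges copied from the first policy on the page.
CORNELL_CIDRS = [
    "128.84.0.0/16", "128.253.0.0/16", "132.236.0.0/16",
    "192.35.82.0/24", "192.122.235.0/24", "192.122.236.0/24",
]
ALLOWED_REGION = "us-east-1"  # from the second policy


def action_matches(pattern, action):
    """IAM action names are case-insensitive and patterns may contain '*'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def source_ip_denied(source_ip, cidrs=CORNELL_CIDRS):
    """Mirror the NotIpAddress condition: the Deny applies when the request
    IP is outside every listed CIDR. A request with no aws:SourceIp (e.g. one
    arriving via a VPC endpoint) has the key absent, and a negated operator
    evaluates true for an absent key, so the Deny applies there as well."""
    if source_ip is None:
        return True
    ip = ipaddress.ip_address(source_ip)
    return not any(ip in ipaddress.ip_network(cidr) for cidr in cidrs)


def region_denied(action, region, allowed=ALLOWED_REGION):
    """Mirror the second policy: Deny ec2:* unless ec2:Region equals allowed.
    Non-EC2 actions never match the statement's Action, so they are not denied."""
    if not action_matches("ec2:*", action):
        return False
    # StringNotEquals against a missing key also evaluates true.
    return region != allowed


def request_denied(source_ip, action, region=None):
    """An explicit Deny wins over any Allow, so a match in either policy denies."""
    return source_ip_denied(source_ip) or region_denied(action, region)


if __name__ == "__main__":
    # Constructed sample requests: on-campus EC2 call in the allowed region,
    # then an off-campus call, then an on-campus call to another region.
    for req in [("132.236.4.4", "ec2:DescribeInstances", "us-east-1"),
                ("8.8.8.8", "s3:ListBucket", None),
                ("128.84.1.5", "EC2:RunInstances", "eu-west-1")]:
        print(req, "DENIED" if request_denied(*req) else "not denied by these policies")
```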