Restrict Request Source to Cornell Campus IPs
Here's a simple IAM policy that you can add to any existing IAM Group, User, or Role to ensure that it is used only from a computer that has a Cornell public IP address.
```json
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "128.84.0.0/16",
          "128.253.0.0/16",
          "132.236.0.0/16",
          "192.35.82.0/24",
          "192.122.235.0/24",
          "192.122.236.0/24"
        ]
      }
    }
  }
}
```
Restrict Scope of EC2 to One AWS Region
Add this policy to a managed policy, user, role, or group to restrict the scope of EC2 activity to just the us-east-1 AWS region.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Condition": {
        "StringNotEquals": {
          "ec2:Region": "us-east-1"
        }
      },
      "Action": "ec2:*",
      "Resource": "*",
      "Effect": "Deny"
    }
  ]
}
```
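To see which requests the two Deny statements above would catch, the following added example (not part of the original page and not AWS's policy evaluator) models only the `NotIpAddress` and `StringNotEquals` operators and the `*` / `service:*` action patterns used here. The function names and the sample request contexts are hypothetical; the absent-key rule follows AWS's documented behaviour for negated condition operators.

```python
import ipaddress

# Statements copied from the two policies on this page.
CAMPUS_ONLY = {"Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": [
        "128.84.0.0/16", "128.253.0.0/16", "132.236.0.0/16",
        "192.35.82.0/24", "192.122.235.0/24", "192.122.236.0/24"]}}}
EC2_ONE_REGION = {"Effect": "Deny", "Action": "ec2:*", "Resource": "*",
    "Condition": {"StringNotEquals": {"ec2:Region": "us-east-1"}}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # Only the two shapes used on this page: "*" and "service:*".
    # IAM action names are compared case-insensitively.
    if pattern.endswith("*"):
        return action.lower().startswith(pattern[:-1].lower())
    return pattern.lower() == action.lower()


def _condition_true(operator, key, wanted, context):
    # A negated operator is true when its key is absent from the request
    # context, so the Deny still applies to such requests.
    if key not in context:
        return True
    value = context[key]
    if operator == "NotIpAddress":
        addr = ipaddress.ip_address(value)
        return not any(addr in ipaddress.ip_network(c) for c in _as_list(wanted))
    if operator == "StringNotEquals":
        return value not in _as_list(wanted)
    raise ValueError(f"operator not modelled: {operator}")


def is_denied(statement, action, context):
    """Return True when the Deny statement applies to this request."""
    if not any(_action_matches(p, action) for p in _as_list(statement["Action"])):
        return False
    return all(_condition_true(op, key, wanted, context)
               for op, block in statement["Condition"].items()
               for key, wanted in block.items())
```

The empty-context case matters in practice: `aws:SourceIp` is not present on requests that arrive through a VPC endpoint, so the campus-IP statement denies them as well.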