...
Add this policy to a managed policy, user, role, or group to restrict the scope of EC2 activity to just us-east-1 AWS region. Since it is a DENY rule, it would override any ALLOW rules in the policy, user, role, or group.
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Condition": { "StringNotEquals": { "ec2:Region": "us-east-1" } }, "Action": "ec2:*", "Resource": "*", "Effect": "Deny" } ] } |