
Add this policy to a managed policy, user, role, or group to restrict EC2 activity to the us-east-1 AWS Region only. Because it is a Deny rule, it overrides any Allow rules in the policy, user, role, or group.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Condition": {
                "StringNotEquals": {
                    "ec2:Region": "us-east-1"
                }
            },
            "Action": "ec2:*",
            "Resource": "*",
            "Effect": "Deny"
        }
    ]
}
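
The override behaviour described above can be checked with a simplified model of IAM policy evaluation. This is an added example, not code from the original page and not AWS's evaluator. `EC2_ALLOW` is a constructed identity policy, the function names are hypothetical, only `StringEquals` and `StringNotEquals` are modelled, and `Resource` is not evaluated because both statements use `*`.

```python
import fnmatch

# The Deny statement from this page, plus a constructed identity policy that
# allows all EC2 actions (an assumption, used to show the override).
REGION_DENY = {
    "Effect": "Deny", "Action": "ec2:*", "Resource": "*",
    "Condition": {"StringNotEquals": {"ec2:Region": "us-east-1"}},
}
EC2_ALLOW = {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_matches(statement, context):
    """Evaluate String(Not)Equals only; other operators are out of scope."""
    for operator, pairs in statement.get("Condition", {}).items():
        for key, wanted in pairs.items():
            equal = key in context and context[key] in _as_list(wanted)
            if operator == "StringEquals":
                ok = equal
            elif operator == "StringNotEquals":
                # A negated operator is true when the key is absent from the
                # request context, so the Deny still applies in that case.
                ok = not equal
            else:
                raise ValueError(f"unsupported operator: {operator}")
            if not ok:
                return False
    return True


def statement_applies(statement, action, context):
    # IAM action names are case-insensitive and support * wildcards.
    action_hit = any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                     for pattern in _as_list(statement["Action"]))
    return action_hit and condition_matches(statement, context)


def evaluate(statements, action, context):
    """Explicit Deny wins, then Allow, otherwise implicit deny."""
    hits = [s["Effect"] for s in statements
            if statement_applies(s, action, context)]
    if "Deny" in hits:
        return "ExplicitDeny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"
```

Evaluating `REGION_DENY` on its own returns `ImplicitDeny` for a us-east-1 request: the statement only removes access outside the Region and grants nothing, so a separate Allow is still required.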

Attribute Based Access Control (ABAC)

Restricting access to resources based on tag values of the principal (IAM user or role) may be beneficial in certain scenarios. Please review our ABAC documentation for more detailed information.