
I want to limit the usage of an AWS account to a single region while still allowing the global services, but the simple statement below is not enough for my purpose:

{
    "Sid": "DisableRegions",
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
        "StringNotEquals": {
            "aws:RequestedRegion": [
                "eu-central-1"
            ]
        }
    }
}

Also, I would have an S3 bucket in this region.

Any help!

1 Answer


You can refer to the below sample code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AdministratorAccessForRegionFrankfurt",
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": [
                        "eu-central-1"
                    ]
                }
            }
        },
        {
            "Sid": "AllowGlobalServices",
            "Effect": "Allow",
            "Action": [
                "aws-portal:*",
                "awsbillingconsole:*",
                "iam:*",
                "sts:*",
                "health:*",
                "support:*",
                "budgets:*",
                "cloudfront:*",
                "organizations:*",
                "trustedadvisor:*",
                "shield:*",
                "waf:*",
                "waf-regional:*",
                "route53:*",
                "route53domains:*",
                "tag:*",
                "resource-groups:*",
                "s3:Get*",
                "s3:List*",
                "s3:Head*",
                "glacier:List*",
                "glacier:Describe*",
                "glacier:Get*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowACMInUSEastAsWell",
            "Effect": "Allow",
            "Action": "acm:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": [
                        "us-east-1"
                    ]
                }
            }
        }
    ]
}

Hope this works.
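How the question's Deny statement and the answer's Allow statements treat the same requests, as an added example that is not part of the original question or answer: a simplified Python model of IAM evaluation (explicit Deny, then Allow, then implicit deny). The broad Allow placed beside the question's Deny, the constructed request list and all helper names are assumptions; only a subset of the answer's global-service actions is included.

```python
import fnmatch

# Simplified model (added example): explicit Deny wins, then any Allow, else implicit
# deny. Only Action globs and String(Not)Equals on aws:RequestedRegion are modelled.
def _matches(stmt, action, region):
    acts = stmt["Action"]
    acts = [acts] if isinstance(acts, str) else acts
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts):
        return False
    for op, cond in stmt.get("Condition", {}).items():
        listed = region in cond["aws:RequestedRegion"]
        if op == "StringEquals" and not listed:
            return False
        if op == "StringNotEquals" and listed:
            return False
    return True

def evaluate(statements, action, region):
    effects = {s["Effect"] for s in statements if _matches(s, action, region)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def region_cond(op, region):
    return {op: {"aws:RequestedRegion": [region]}}

# The question's Deny statement; the broad Allow beside it is an assumption.
QUESTION = [
    {"Effect": "Allow", "Action": "*"},
    {"Effect": "Deny", "Action": "*", "Condition": region_cond("StringNotEquals", "eu-central-1")},
]
# The answer's three statements, with a subset of its global-service actions.
ANSWER = [
    {"Effect": "Allow", "Action": "*", "Condition": region_cond("StringEquals", "eu-central-1")},
    {"Effect": "Allow", "Action": ["iam:*", "sts:*", "route53:*", "s3:Get*", "s3:List*", "s3:Head*"]},
    {"Effect": "Allow", "Action": "acm:*", "Condition": region_cond("StringEquals", "us-east-1")},
]
# Constructed requests. Single-endpoint global services such as IAM are served from
# us-east-1, so aws:RequestedRegion is us-east-1 for them.
REQUESTS = [("ec2:RunInstances", "eu-central-1"), ("ec2:RunInstances", "us-west-2"),
            ("iam:ListUsers", "us-east-1"), ("acm:RequestCertificate", "us-east-1"),
            ("s3:GetObject", "us-west-2"), ("s3:PutObject", "us-west-2")]

def compare():
    return [(a, r, evaluate(QUESTION, a, r), evaluate(ANSWER, a, r)) for a, r in REQUESTS]

if __name__ == "__main__":
    for row in compare():
        print("%-24s %-13s question=%-13s answer=%s" % row)
```

Under the answer's policy, out-of-region requests end in an implicit deny rather than an explicit one, so an Allow in any other policy attached to the same principal still grants them. The unconditioned `s3:Get*`, `s3:List*` and `s3:Head*` actions also permit S3 reads in every region.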
