Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (5.6k points)

I want to limit the usage of AWS account to a single region but allowing the global services, but the below simple statement and not enough for my purpose:

{

    "Sid": "DisableRegions",

    "Effect": "Deny",

    "Action": "*",

    "Resource": "*",

    "Condition": {

        "StringNotEquals": {

            "aws:RequestedRegion": [

                "eu-central-1"

            ]

        }

    }

}

Also, I would have an S3 bucket in this region.

Any help!

1 Answer

0 votes
by (12.4k points)
edited by

You can refer to the below sample code:

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "AdministratorAccessForRegionFrankfurt",

            "Effect": "Allow",

            "Action": "*",

            "Resource": "*",

            "Condition": {

                "StringEquals": {

                    "aws:RequestedRegion": [

                        "eu-central-1"

                    ]

                }

            }

        },

        {

            "Sid": "AllowGlobalServices",

            "Effect": "Allow",

            "Action": [

                "aws-portal:*",

                "awsbillingconsole:*",

                "iam:*",

                "sts:*",

                "health:*",

                "support:*",

                "budgets:*",

                "cloudfront:*",

                "organizations:*",

                "trustedadvisor:*",

                "shield:*",

                "waf:*",

                "waf-regional:*",

                "route53:*",

                "route53domains:*",

                "tag:*",

                "resource-groups:*",

                "s3:Get*",

                "s3:List*",

                "s3:Head*",

                "glacier:List*",

                "glacier:Describe*",

                "glacier:Get*"

            ],

            "Resource": "*"

        },

        {

            "Sid": "AllowACMInUSEastAsWell",

            "Effect": "Allow",

            "Action": "acm:*",

            "Resource": "*",

            "Condition": {

                "StringEquals": {

                    "aws:RequestedRegion": [

                        "us-east-1"

                    ]

                }

            }

        }

    ]

}

Hope this works.

Do Check out the AWS Certification Course offered by Intellipaat.

Related questions

0 votes
1 answer
Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer
asked Dec 1, 2020 in AWS by devin (5.6k points)
0 votes
1 answer

31k questions

32.8k answers

501 comments

693 users

Browse Categories

...