En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

AWS Organizations - Control Access To All Accounts By ISO3166 Region

0

Hello Team - is there a way to limit logging into any AWS account in Control Tower/Organizations by regions based on ISO 3166? As an example, i dont want anyone from an European IP address to log into any AWS Account in Organizations? I know with SCPs, you can use policies based on IP address, but is there a more wholistic way?

Sujets
Sécurité, identité et conformitéGestion et gouvernance
Balises
Gestion des identités et des accès AWSOrganisations AWS
Langue
English
AWS-User-arudani
demandé il y a 2 ans268 vues
1 réponse
0

From the case question I understand that you would like to know if there is a way to limit access to the AWS console by geographic region such as using ISO 3166 codes.

Currently the best way to achieve that would be to restrict access to specific IP addresses with a Service Control Policy. I am attaching the following documentation that goes over this here [1]. There currently isn't another condition like "NotIpAddress" which can be used in order to limit access to the AWS console to specific countries or geographic regions.

I hope you have a great rest of your day!

References

[1] https://aws.amazon.com/premiumsupport/knowledge-center/iam-restrict-calls-ip-addresses/

AWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Patrick_V
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents