AWS Organizations - Control Access To All Accounts By ISO3166 Region

0

Hello Team - is there a way to limit logging into any AWS account in Control Tower/Organizations by regions based on ISO 3166? As an example, i dont want anyone from an European IP address to log into any AWS Account in Organizations? I know with SCPs, you can use policies based on IP address, but is there a more wholistic way?

1 Answer
0

From the case question I understand that you would like to know if there is a way to limit access to the AWS console by geographic region such as using ISO 3166 codes.

Currently the best way to achieve that would be to restrict access to specific IP addresses with a Service Control Policy. I am attaching the following documentation that goes over this here [1]. There currently isn't another condition like "NotIpAddress" which can be used in order to limit access to the AWS console to specific countries or geographic regions.

I hope you have a great rest of your day!

References

[1] https://aws.amazon.com/premiumsupport/knowledge-center/iam-restrict-calls-ip-addresses/

AWS
SUPPORT ENGINEER
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions