houey/scp_data_perimeter_draft

## scp_data_perimeter_draft
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "NotAction": [
        "dax:*",
        "es:ESHttp*"
      ],
      "Resource": "*",
      "Effect": "Deny",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "<CIDR1>",
            "<CIDR2>"
          ]
        },
        "StringNotEquals": {
          "aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"
        },
        "Null": {
          "ec2:SourceInstanceARN": false,
          "aws:PrincipalTag/iam-reserved:IP-Restriction": true
        },
        "Bool": {
          "aws:ViaAWSService": false
        },
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/aws:ec2-infrastructure"
        }
      }
    }
  ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"NotAction": [
	"dax:*",
	"es:ESHttp*"
	],
	"Resource": "*",
	"Effect": "Deny",
	"Condition": {
	"NotIpAddress": {
	"aws:SourceIp": [
	"<CIDR1>",
	"<CIDR2>"
	]
	},
	"StringNotEquals": {
	"aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"
	},
	"Null": {
	"ec2:SourceInstanceARN": false,
	"aws:PrincipalTag/iam-reserved:IP-Restriction": true
	},
	"Bool": {
	"aws:ViaAWSService": false
	},
	"ArnNotLike": {
	"aws:PrincipalArn": "arn:aws:iam::*:role/aws:ec2-infrastructure"
	}
	}
	}
	]
	}