terraform iam group aws api mfa protected plus ip lockdown

mfa_ip_lockdown.tf

resource "aws_iam_group" "ec2Admins" {
  name = "ec2Admins"
}

resource "aws_iam_group_policy" "force_MFA_on_apikeys_policy" {
  name       = "force_MFA_on_apikeys_policy"
  group      = "${aws_iam_group.ec2Admins.id}"
  depends_on = ["aws_iam_group.ec2Admins"]

  policy     = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        },
        "IpAddress": {
          "aws:SourceIp": [
            "my.office.ip.address/32"
          ]
        }
      }
    }
  ]
}
EOF
}