Skip to content

Instantly share code, notes, and snippets.

@s0enke

s0enke/manifest.yaml

Created May 14, 2019
Embed
What would you like to do?
Restrict AWS Org to Regions
# Landing Zone Service Control Policies
organization_policies:
...
- name: restrict-to-eu
description: Restrict to EU regions
policy_file: policies/restrict_to_eu_regions.json
#Apply to accounts in the following OU(s)
apply_to_accounts_in_ou:
- core
- applications
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyAllOutsideEU",
"Effect": "Deny",
"NotAction": [
"cloudfront:*",
"iam:*",
"route53:*",
"support:*",
"billing:*",
"cloudtrail:*",
"a4b:*",
"budgets:*",
"ce:*",
"chime:*",
"cur:*",
"globalaccelerator:*",
"health:*",
"importexport:*",
"mobileanalytics:*",
"organizations:*",
"shield:*",
"trustedadvisor:*",
"waf:*",
"wellarchitected:*"
],
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": [
"eu-central-1",
"eu-west-1"
]
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment