Create restriction policy
Create policy to limit resource usage by Region
- After creating user successfully. In the left hand menu, click Policies.
- At the Policies page.
- Click Create Policy.
- At the Create policy page.
- Click tab JSON.
- Copy and Paste the policy content below.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*",
"rds:*",
"s3:*"
],
"Resource": "*",
"Condition": {"StringEquals": {"aws:RequestedRegion": "ap-southeast-1"}}
}
]
}
You can change the Region information in the above policy to suit the Region to which you want to authorize EC2, RDS and S3 services.
- Click Next: Tags.
- Click Next: Review.
- At Review policy page.
- Set Name as RegionRestrict.
- Set Description* to EC2, RDS, S3 access in a single Region only.
- Click Create policy.
- Make sure the RegionRestrict policy is created successfully.
In the next step, we will assign the policy to the CostTest group and then test the effectiveness of this policy.