Cost Management and Resource Usage > Limit by Region > Validate policy effectiveness

Validate policy effectiveness

Validate the effectiveness of the policy by creating an EC2 instance in the allowed Region

Click on the name of the currently logged-in user.
- Click Sign out.

CostGovernance

Click Log back in

CostGovernance

At IAM user name enter the user we created (testuser).
- At Password enter the password we have set up (Testuser123).
- Click Sign in.

CostGovernance

If you failed to log in, please check the user and password information created in the previous steps. Also, make sure you use the correct AWS account ID when logging in.

Click Switch to the new Console Home to switch to the new interface.

CostGovernance

Click on the Region menu next to the login user name.
- Click on the Region where we have allowed testuser operations in the RegionRestrict policy.

CostGovernance

You have just performed the Region conversion. After converting Region, the resources you create will be in the Region you are using.

Click the search box, and click EC2 to go to the management interface of the EC2 service.

CostGovernance

Click Launch instance, then click Launch instance.

CostGovernance

At Name enter testserver

CostGovernance

At Key pair name, click in the Select box.
- Select **Proceed without a key pair (Not recommended)

CostGovernance

We will need key pair to be able to make a connection to the EC2 instance. In this lab, we just want to check the service permissions so we won’t need to connect to the EC2 instance.

Click Launch Instance.

CostGovernance

In this step, we have successfully created 1 EC2 instance with instance type t2.micro in Region Singapore. Next, we try to switch to another Region to check if we have permission to create a server in another Region or not.

CostGovernance

Try creating a server in another Region

Click on the Region menu next to the login user name.
- Click on the Region different from the Region that we have allowed the testuser’s operation in the RegionRestrict policy.

CostGovernance

Try setting Key pair or instance type.
- You will see that you do not have permission to create EC2 instances on this Region.

CostGovernance

Return to the original Region before performing the next step.

CostGovernance

Delete the created testserver

Check you are in the correct Region initially.
- Click Instances.

CostGovernance

At the list of EC2 instances.
- Click to select testserver.

CostGovernance

Click Instance state.
- Click Terminate instance to proceed to delete the virtual server testserver.

CostGovernance

Click Terminate to confirm.
Make sure you delete the instance successfully, avoiding unexpected costs.

CostGovernance

In this step, we have successfully created 1 EC2 instance with instance type t2.micro in Region Singapore. In the next section we will try to limit the creation of a specific instance