AWS prescriptive-guidance documentation change
Summary
Added IAM policy example with IP-based access restrictions
Security assessment
New example policy shows security control implementation for IP-based access limitations
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md b/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md index 18d362fc3..db604199b 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md @@ -12,0 +13,28 @@ This policy allows the `john_stiles` user to assume IAM roles only if the call i + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::account-id:user/john_stiles" + }, + "Action": "sts:AssumeRole" + }, + { + "Effect": "Deny", + "Principal": { + "AWS": "arn:aws:iam::account-id:user/john_stiles" + }, + "Action": "sts:AssumeRole", + "Condition": { + "NotIpAddress": { + "aws:SourceIp": [ + "192.0.2.0/24", + "203.0.113.0/24" + ] + } + } + } + ] + } +