AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-07-25 · Documentation medium

File: prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md

Summary

Added IAM policy example with IP-based access restrictions

Security assessment

New example policy shows security control implementation for IP-based access limitations

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md b/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md
index 18d362fc3..db604199b 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md
@@ -12,0 +13,28 @@ This policy allows the `john_stiles` user to assume IAM roles only if the call i
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::account-id:user/john_stiles"
+          },
+          "Action": "sts:AssumeRole"
+        },
+        {
+          "Effect": "Deny",
+          "Principal": {
+            "AWS": "arn:aws:iam::account-id:user/john_stiles"
+          },
+          "Action": "sts:AssumeRole",
+          "Condition": {
+            "NotIpAddress": {
+              "aws:SourceIp": [
+                "192.0.2.0/24",
+                "203.0.113.0/24"
+              ]
+            }
+          }
+        }
+      ]
+    }
+