Policy: AWS > Turbot > Permissions > Lockdown > Region Boundary
Define a list of regions to which API calls can be made. Any API call to a region that does not appear in this list will be explicitly denied. The '*' wildcard may be used in these values.
Note that this policy disables the region for ALL users and roles, and Guardrails will have no access to any regions that do not appear in the list.
Global services (such as IAM) are not subject to the Region Boundary.
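A pre-change check for the boundary described above, added here as an example (it is not Turbot's code): it models the matching rule from this page, with '*' as the only wildcard and IAM exempt as a global service, and reports which in-use regions a proposed list would cut off. The function names, the `GLOBAL_SERVICES` set and the sample inventory are assumptions constructed for illustration.

```python
import re

# Assumption: the page names only IAM as an example of a global service.
GLOBAL_SERVICES = {"iam"}


def _pattern(entry):
    # '*' is the only wildcard; every other character is matched literally.
    return ".*".join(re.escape(part) for part in entry.split("*"))


def region_in_boundary(region, boundary):
    """True if the region matches at least one entry of the boundary list."""
    return any(re.fullmatch(_pattern(entry), region) for entry in boundary)


def denied_by_boundary(service, region, boundary):
    """True if a call to `service` in `region` would be explicitly denied."""
    if service in GLOBAL_SERVICES:
        return False  # global services are not subject to the boundary
    return not region_in_boundary(region, boundary)


def locked_out(in_use, boundary):
    """Map each region that would be cut off to the services running there."""
    result = {}
    for service, region in in_use:
        if denied_by_boundary(service, region, boundary):
            result.setdefault(region, []).append(service)
    return {region: sorted(svcs) for region, svcs in sorted(result.items())}


# Constructed sample: (service, region) pairs where resources exist today.
IN_USE = [
    ("ec2", "us-east-1"), ("s3", "us-west-2"), ("rds", "eu-west-1"),
    ("ec2", "ap-southeast-2"), ("iam", "us-east-1"), ("lambda", "eu-central-1"),
]
# Constructed sample of a proposed Region Boundary value.
BOUNDARY = ["us-east-1", "eu-*"]

if __name__ == "__main__":
    for region, services in locked_out(IN_USE, BOUNDARY).items():
        print(f"{region}: no access after lockdown (in use by {', '.join(services)})")
```

Any region this reports is one where users, roles and Guardrails itself lose access once the list is applied, so resolve it before changing the setting.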
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Policy Specification
Schema Type |
|
---|---|
Default |
|
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/turbot#/control/categories/iamPermissions
- Policy Type URI: tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegionBoundary
- CLI, Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegionBoundary"
- CLI, Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegionBoundary"