Policy: AWS > Turbot > Permissions > Lockdown > Regions

Define a list of regions to which API calls can be made. Any API to any region that does not appear in this list will be explicitly denied. The '*' wildcard may be used in these values.

Targets

This policy targets the following resource types:

AWS > Account

Primary Policy

This policy is used with the following primary policy:

AWS > Turbot > Permissions > Lockdown

Policy Specification

Default template	`{% if $.regions.value \| length == 0 %} [] {% endif %}{% for item in $.regions.value %}- '{{ item }}'{{ ' ' }}{% endfor %}`
Default template input	`\| { regions: policyValue(uri:"tmod:@turbot/aws#/policy/types/approvedRegionsDefault") { value } }`

Default template

{% if $.regions.value | length == 0 %} [] {% endif %}{% for item in $.regions.value %}- '{{ item }}'{{ '
' }}{% endfor %}

Default template input

|
  {
    regions: policyValue(uri:"tmod:@turbot/aws#/policy/types/approvedRegionsDefault") {
      value
    }
  }

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/iamPermissions

Policy Type URI

tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions

GraphQL

query policyType(id: "tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/permissionsLockdownRegions"