Control: OCI > Networking > Security List > Allowed > Region

Take an action when an OCI Networking security list is created in a region that is not allowed.

The Allowed > Region control checks if the security list is created in an allowed region based on the Allowed > Region > * policies. If the security list is created in a region that is not in the allowed list, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete if region not allowed and security list is new, this control will only take the enforcement actions for resources created within the last 60 minutes.

Note: Most OCI resources are compartment-scoped rather than region-scoped. This control applies to regional resources or checks the region metadata for compartment-scoped resources.

Resource Types

This control targets the following resource types:

OCI > Networking > Security List

Policies

The following policies can be used to configure this control:

OCI > Networking > Security List > Allowed > Region

This control type relies on these other policies when running actions:

OCI > Networking > Security List > Allowed > Region > Regions

In Your Workspace

Developers

Control Type URI

tmod:@turbot/oci-networking#/control/types/securityListAllowedRegion

Category URI

tmod:@turbot/turbot#/control/categories/resourceAllowed

GraphQL

query controlType(id: "tmod:@turbot/oci-networking#/control/types/securityListAllowedRegion") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/oci-networking#/control/types/securityListAllowedRegion'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/oci-networking#/control/types/securityListAllowedRegion"