Policy: OCI > Networking > Security List > Allowed > Region
Determine the action to take when an OCI Networking security list is created in a region that is not allowed.
The Allowed > Region control checks if the security list is created in an allowed region based on the Allowed > Region > * policies. If the security list is created in a region that is not in the allowed list, the control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new, e.g., Enforce: Delete if region not allowed and resource is new, the control will only take the enforcement actions for resources created within the last 60 minutes.
Note: Most OCI resources are compartment-scoped rather than region-scoped. This control applies to regional resources or checks the region metadata for compartment-scoped resources.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceAllowed
- tmod:@turbot/oci-networking#/policy/types/securityListAllowedRegion
- turbot graphql policy-type --id "tmod:@turbot/oci-networking#/policy/types/securityListAllowedRegion"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/oci-networking#/policy/types/securityListAllowedRegion"
Get Policy TypeGet Policy Settings