Deny all AWS IAM actions from Unapproved Networks

Policy Settings

The Deny all AWS IAM actions from Unapproved Networks policy pack has 4 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| AWS > IAM > Role > Boundary | Calculated | |
| AWS > IAM > Role > Boundary > Policy | myBoundaryPolicy | |
| AWS > IAM > Stack | Check: Configured | |
| AWS > IAM > Stack > Source | Terraform source, shown below | |

AWS > IAM > Stack > Source:

```hcl
### Deny Actions from unapproved CIDRs ###
resource "aws_iam_policy" "main" {
  # Boundary policy name that will be applied to the IAM role.
  name        = "myBoundaryPolicy"
  path        = "/"
  description = "Guardrails Managed Boundary policy to prevent actions from unapproved CIDRs"
  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "*",
        "Resource": "*",
        "Condition": {
          "IpAddress": {
            "aws:SourceIp": [
              "10.0.0.0/8",
              "172.16.0.0/12",
              "192.168.0.0/16"
            ]
          }
        }
      }
    ]
  })
}
```
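The boundary in the AWS > IAM > Stack > Source setting contains only a conditional Allow, so it denies by omission: a request is permitted only when `aws:SourceIp` is present and falls inside one of the listed CIDRs. The following Python sketch is an added example, not part of the policy pack or of Guardrails; it models only Allow statements with the `IpAddress` operator, and the function names and sample request contexts are constructed for illustration.

```python
import ipaddress

# Boundary statement copied from the AWS > IAM > Stack > Source setting.
BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "*",
        "Resource": "*",
        "Condition": {"IpAddress": {"aws:SourceIp": [
            "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}},
    }],
}

def ip_condition_matches(condition, context):
    """Evaluate the IpAddress operator of a Condition block.

    A key that is absent from the request context does not match, so the
    statement does not apply (IpAddress is not an ...IfExists operator).
    """
    for key, cidrs in condition.get("IpAddress", {}).items():
        value = context.get(key)
        if value is None:
            return False
        addr = ipaddress.ip_address(value)
        networks = [cidrs] if isinstance(cidrs, str) else cidrs
        if not any(addr in ipaddress.ip_network(n) for n in networks):
            return False
    return True

def boundary_allows(policy, context):
    """True when at least one Allow statement applies to the request."""
    return any(
        stmt["Effect"] == "Allow"
        and ip_condition_matches(stmt.get("Condition", {}), context)
        for stmt in policy["Statement"]
    )

def effective_decision(identity_allows, context, boundary=BOUNDARY):
    """A request needs an Allow from the identity policy AND the boundary."""
    if identity_allows and boundary_allows(boundary, context):
        return "Allow"
    return "ImplicitDeny"

if __name__ == "__main__":
    # Constructed request contexts; the empty one has no aws:SourceIp key.
    for ctx in ({"aws:SourceIp": "10.20.30.40"}, {"aws:SourceIp": "203.0.113.7"}, {}):
        print(ctx, "->", effective_decision(True, ctx))
```

The empty-context case matters in practice: AWS documents that `aws:SourceIp` is not available for requests made through a VPC endpoint, so those requests fall outside this boundary even when they originate from an address in the listed ranges.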