Policy Settings
The Deny all AWS IAM actions from Unapproved Networks policy pack has 4 policy settings:
| Policy | Setting | Note |
|---|---|---|
| AWS > IAM > Role > Boundary | Calculated | |
| AWS > IAM > Role > Boundary > Policy | myBoundaryPolicy | |
| AWS > IAM > Stack | Check: Configured | |
| AWS > IAM > Stack > Source | ### Deny Actions from unapproved CIDRs ### resource "aws_iam_policy" "main" { # Boundary policy name that will be applied to the IAM role. name = "myBoundaryPolicy" path = "/" description = "Guardrails Managed Boundary policy to prevent actions from unapproved CIDRs" policy = jsonencode({ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*" "Resource": "*", "Condition": { "IpAddress": { "aws:SourceIp": [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ] } } } ] }) } |