Policy Packs
Deny all AWS IAM actions from Unapproved Networks

Policy Setting: AWS > IAM > Stack > Source

Policies

This policy setting depends on the following policy types:

Source

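# Sets the Guardrails policy "AWS > IAM > Stack > Source" on the policy pack.
# The heredoc value is the Terraform that the IAM stack applies.
resource "turbot_policy_setting" "aws_iam_stack_source" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/aws-iam#/policy/types/iamStackSource"
  # "<<-" strips the shared leading indentation, so the stack receives the
  # same Terraform text as an unindented heredoc would.
  value    = <<-EOT
    ### Deny Actions from unapproved CIDRs ###
    # Boundary policy: a single "Allow *" statement limited by source CIDR.
    # Used as a permissions boundary, effective permissions are the intersection
    # of this policy and the role's identity policies: a request from an address
    # outside the listed ranges matches nothing here and is implicitly denied,
    # while a request from an approved range is bounded only by the identity
    # policies (this policy itself does not restrict actions).
    # Attaching this policy as the role's boundary is not shown in this snippet;
    # presumably the IAM stack does it — confirm.
    # NOTE(review): aws:SourceIp is evaluated against the address AWS sees for
    # the request. It is not the caller's address for requests made through a
    # VPC endpoint (aws:VpcSourceIp) or by an AWS service on the principal's
    # behalf, so those requests fall outside this Allow, and whether the RFC 1918
    # ranges below ever match depends on the network path — confirm against the
    # intended workloads before applying.
    resource "aws_iam_policy" "main" {
      # Boundary policy name that will be applied to the IAM role.
      name        = "myBoundaryPolicy"
      path        = "/"
      description = "Guardrails Managed Boundary policy to prevent actions from unapproved CIDRs"
      policy = jsonencode({
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            # Comma added so every attribute in this object is separated the
            # same way (HCL also accepts a bare newline, but mixing the two is
            # easy to misread).
            "Action": "*",
            "Resource": "*",
            "Condition": {
              "IpAddress": {
                # Approved source ranges (the RFC 1918 private blocks).
                "aws:SourceIp": [
                  "10.0.0.0/8",
                  "172.16.0.0/12",
                  "192.168.0.0/16"
                ]
              }
            }
          }
        ]
      })
    }
  EOT
}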