How can it achieve this?

By:
In: SOA-C01
Tagged:
With: 2 Comments
An organization has setup multiple IAM users.The organization wants that each IAM user accesses the IAM console only within the organization and not from outside.

How can it achieve this?

Create an IAM policy with the security group and use that security group for AWS console login

Create an IAM policy with a condition which denies access when the IP address range is not from the organization

Configure the EC2 instance security group which allows traffic only from the organization’s IP range

Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console

Explanations:

Security groups are used for controlling traffic to and from EC2 instances, not for restricting IAM user access to the AWS Console.

An IAM policy with a condition that restricts access based on the user’s IP address can ensure that only users within the organization’s IP range can access the AWS Console.

EC2 instance security groups control inbound and outbound traffic for EC2 instances but do not affect IAM user access to the AWS Console.

VPC and secure gateways are used for controlling network traffic within a VPC, but they are not relevant for restricting IAM user console access.

2026-04-01

2 Comments

  1. Charles
    Author

    From my perspective, the answer is:
    Create an IAM policy with a condition which denies access when the IP address range is not from the organization

  2. Karen
    Author

    I compute that the answer is:
    Create an IAM policy with a condition which denies access when the IP address range is not from the organization

Leave a Reply to Charles Cancel reply

Your email address will not be published. Required fields are marked *

five × 2 =