Service Control Policies: Restrict VPC CIDR to Specific IP Pools from Amazon VPC IPAM (IP Address Manager)

My Saved Presets

This SCP restrict users in your AWS Organizations account to creating VPCs with CIDRs from a specific IPv4 pool and associating CIDRs to the VPCs from the pool. Users in the account will not be able to create VPCs with CIDRs or associate CIDRs to VPCs from any other pools from the one you choose.

Missing Parameters

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:CreateVpc",
                "ec2:AssociateVpcCidrBlock"
            ],
            "Resource": "arn:aws:ec2:*:*:vpc/*",
            "Effect": "Deny",
            "Condition": {
                "StringNotEquals": {
                    "ec2:Ipv4IpamPoolId": ""
                }
            }
        }
    ]
}

* Required field

Loading Library ...

Restrict VPC CIDR to Specific IP Pools from Amazon VPC IPAM (IP Address Manager)

Actions

Customize Template

Policy Parameters