Enforcing Regional Boundaries for AI services: Using AWS SCPs to Restrict Access

The vast potential of the cloud comes with the responsibility of managing resources efficiently and securely. For organizations with specific regional requirements, controlling where users deploy resources is crucial. Some entities that require more control might even want to control which AWS services their developers are allowed to use.
With the rapid build-up of AI-related services on AWS, we once again face the problem of data governance and localization. After all, data is the fuel for all AI. As mentioned in our earlier article on AI Opt Out, AWS might be processing our and our customers' data in a way, or in a region, that we would not want it to.
In this article we will look at how to control which regions are available to organization members, and how to restrict the services they can use.

AWS Service Control Policies (SCPs) provide a powerful tool to enforce restrictions and ensure compliance with internal policies. With 

Setting Up Regional Restrictions

To restrict resource creation to specific regions, you can use the aws:RequestedRegion condition key in your SCP. The following policy shows the structure:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "NotAction": [
                "iam:*",
                "cloudfront:*",
                "route53:*"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:RequestedRegion": [
                        "eu-central-1",
                        "eu-west-1"
                    ]
                },
                "ArnNotLike": {
                    "aws:PrincipalARN": [
                        "arn:aws:iam::*:role/AdminRoleWithException"
                    ]
                }
            }
        }
    ]
}

The above statement denies every action whose requested region is not one of the two selected regions (Frankfurt and Ireland). However, since AWS has services that are considered global (not bound to any single region), an exception has to be added for them: services like IAM, CloudFront and Route 53 need to be allow-listed in NotAction in order to keep working. To keep the example short, the NotAction list above contains only a few of the global services; the full list of exemptions can be found here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html
It is also good practice to exempt your admins from this restriction. The ArnNotLike condition exempts a role called AdminRoleWithException, which can therefore access all services in all regions (you should also protect this role with appropriate IAM statements, since the SCP no longer constrains it).

Setting up Service Allow List

However, only restricting region usage might not be enough in some cases. Companies working in highly secure or regulated markets might want to go a step further and control which services their developers can use and which are not available to them.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "NotAction": [
                "bedrock:*",
                "ec2:*",
                "ssm:*"
            ],
            "Resource": "*",
            "Condition": {
                "ArnNotLike": {
                    "aws:PrincipalARN": [
                        "arn:aws:iam::*:role/AdminRoleWithException"
                    ]
                }
            }
        }
    ]
}

The above policy denies every action except those on the services listed in NotAction, so only those services are usable by end users. In our example we allow only Bedrock, EC2 and Systems Manager; any production use of this policy requires a curated list of services that suits the organization.
Because the policy is structured the same way as the region restriction presented earlier (a Deny with a NotAction list and the same admin exemption), the two can be attached together.
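The following script is an added example, not code from the article or from AWS: a small offline evaluator for the two SCPs above (the region restriction and the service allow list), so you can see how a given request fares against both before attaching them to an OU. It implements only the subset of the policy language those policies use, the principal ARNs and account id are constructed placeholders, and the global-service list in the first policy is shortened to the services the article names.

```python
"""Offline evaluator for the two SCPs in this article (added example, not the
article's own tooling). It implements only the subset of the IAM policy
language those policies use: Effect Deny, NotAction with '*' wildcards,
Resource '*', and the StringNotEquals / ArnNotLike condition operators.
It is not the AWS policy engine; use it to reason about how the region
restriction and the service allow list combine for a given request."""
import fnmatch
import json

# Region-restriction SCP from the article (global-service exemption list
# shortened to the services the article names).
REGION_SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "NotAction": ["iam:*", "cloudfront:*", "route53:*"],
    "Resource": "*",
    "Condition": {
      "StringNotEquals": {"aws:RequestedRegion": ["eu-central-1", "eu-west-1"]},
      "ArnNotLike": {"aws:PrincipalARN": ["arn:aws:iam::*:role/AdminRoleWithException"]}
    }
  }]
}
""")

# Service allow-list SCP from the article.
SERVICE_SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "NotAction": ["bedrock:*", "ec2:*", "ssm:*"],
    "Resource": "*",
    "Condition": {
      "ArnNotLike": {"aws:PrincipalARN": ["arn:aws:iam::*:role/AdminRoleWithException"]}
    }
  }]
}
""")

SCPS = {"region-restriction": REGION_SCP, "service-allow-list": SERVICE_SCP}

# Constructed principals; the account id is a placeholder, not a real account.
DEV = "arn:aws:iam::111122223333:role/DeveloperRole"
ADMIN = "arn:aws:iam::111122223333:role/AdminRoleWithException"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(action, patterns):
    # IAM action names match case-insensitively; '*' is the only wildcard used here.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition_holds(condition, ctx):
    """Every operator/key pair in a Condition block must hold (logical AND).
    Negated operators evaluate to true when the key is absent from the request
    context, which is also how AWS treats them."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = ctx.get(key)
            expected = _as_list(expected)
            if operator == "StringNotEquals":
                if actual in expected:
                    return False
            elif operator == "ArnNotLike":
                if actual is not None and any(fnmatch.fnmatchcase(actual, p) for p in expected):
                    return False
            else:
                raise ValueError(f"operator {operator} is not supported by this evaluator")
    return True


def _statement_applies(stmt, ctx):
    action = ctx["action"]
    if "Action" in stmt and not _action_matches(action, _as_list(stmt["Action"])):
        return False
    if "NotAction" in stmt and _action_matches(action, _as_list(stmt["NotAction"])):
        return False
    resource_patterns = _as_list(stmt.get("Resource", "*"))
    if not any(fnmatch.fnmatchcase(ctx.get("resource", "*"), p) for p in resource_patterns):
        return False
    return _condition_holds(stmt.get("Condition", {}), ctx)


def evaluate(policies, ctx):
    """Return ("deny", policy_name) if any SCP statement denies the request,
    otherwise ("not-denied", None). SCPs never grant access: a request that is
    not denied here still needs an IAM policy that allows it."""
    for name, policy in policies.items():
        for stmt in policy["Statement"]:
            if stmt["Effect"] == "Deny" and _statement_applies(stmt, ctx):
                return "deny", name
    return "not-denied", None


def request(action, region, principal_arn):
    """Build a minimal request context with the keys the two SCPs inspect."""
    return {"action": action, "aws:RequestedRegion": region, "aws:PrincipalARN": principal_arn}


if __name__ == "__main__":
    samples = [
        request("ec2:RunInstances", "eu-central-1", DEV),
        request("ec2:RunInstances", "us-east-1", DEV),
        request("s3:PutObject", "eu-west-1", DEV),
        request("iam:CreateUser", "us-east-1", DEV),
        request("s3:PutObject", "us-east-1", ADMIN),
    ]
    for r in samples:
        print(f'{r["action"]:20} {r["aws:RequestedRegion"]:13} {evaluate(SCPS, r)}')
```

Running the samples shows the combination at work: EC2 in Frankfurt passes both policies, EC2 in us-east-1 is stopped by the region restriction, S3 in Ireland passes the region check but is stopped by the service allow list, and the exempt admin role is denied nothing. The iam:CreateUser sample is the one to notice: the region SCP exempts IAM as a global service, but the service allow list as written does not list iam:* (or sts:*), so non-exempt principals lose those actions too. That is exactly why the curated service list the article calls for has to include every service a developer workflow touches. Keep in mind that real SCPs also have effects this evaluator does not model: they never apply to the management account or to service-linked roles, and they only cap what IAM policies can grant.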

Benefits and Considerations

Combining the two SCPs mentioned above can position you very well to control which services are used inside of your organization and where. It will help you maintain compliance with regional data residency regulations. Restricting access to specific regions can also mitigate potential security risks associated with unauthorized deployments.

However, keep in mind that you must thoroughly test and monitor your SCPs before deployment to avoid unintended consequences.

Conclusion

SCPs offer a robust mechanism for enforcing regional restrictions in AWS. By carefully defining your policy and understanding its implications, you can ensure your cloud resources are deployed in the right locations, optimizing costs, compliance, and security for your organization.

Curious how to improve your security posture in the world of AI? Contact our experts!