Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Security Blog
This article explains how to restrict AWS Management Console access to expected networks using sign-in resource-based policies and resource control policies (RCPs).
- Create resource permission statements specifying corporate IP ranges, VPCs, and excluded principals for console access
- Enable console authorization configuration to enforce the resource-based policy on your account
- Verify implementation through CloudTrail events showing successful and denied sign-in attempts
- Scale across multiple accounts using RCPs attached at organization, OU, or account level
- Combine with AWS Management Console Private Access to create comprehensive data perimeter controls
- Available at no additional cost in all AWS commercial Regions
Sign-in resource-based policies and RCPs enable organizations to enforce network perimeter controls for console access, supporting regulatory compliance and security requirements.
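The CloudTrail verification step above can be scripted. The following is an added example, not code from the original article: it classifies `ConsoleLogin` events from `signin.amazonaws.com` against an expected network list. The CIDR ranges, the excluded principal, and the sample records are constructed, and it assumes a sign-in blocked by the policy is recorded as a `ConsoleLogin` event with a `Failure` outcome.

```python
import ipaddress
import json

# Constructed values: documentation CIDRs and a hypothetical excluded principal.
EXPECTED_NETWORKS = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/25")]
EXCLUDED_PRINCIPALS = {"arn:aws:iam::111122223333:user/break-glass"}

# Constructed CloudTrail records, trimmed to the fields this check reads.
SAMPLE_EVENTS = json.loads("""[
 {"eventID": "e1", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"},
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventID": "e2", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "sourceIPAddress": "192.0.2.44", "responseElements": {"ConsoleLogin": "Failure"},
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventID": "e3", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "sourceIPAddress": "192.0.2.44", "responseElements": {"ConsoleLogin": "Success"},
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/break-glass"}},
 {"eventID": "e4", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "sourceIPAddress": "198.51.100.200", "responseElements": {"ConsoleLogin": "Success"},
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
 {"eventID": "e5", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "192.0.2.44"}
]""")

def in_expected_network(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # sourceIPAddress can hold a non-IP string
    return any(addr in net for net in EXPECTED_NETWORKS)

def classify(event):
    if (event.get("eventSource"), event.get("eventName")) != ("signin.amazonaws.com", "ConsoleLogin"):
        return "ignored"
    outcome = (event.get("responseElements") or {}).get("ConsoleLogin")
    arn = (event.get("userIdentity") or {}).get("arn", "")
    inside = in_expected_network(event.get("sourceIPAddress", ""))
    if outcome == "Success":
        if inside:
            return "expected_success"
        # A success from outside is acceptable only for an excluded principal.
        return "excluded_principal_success" if arn in EXCLUDED_PRINCIPALS else "GAP_success_outside_perimeter"
    return "denied_inside_perimeter" if inside else "denied_outside_perimeter"

def audit(events):
    report = {}
    for e in events:
        report.setdefault(classify(e), []).append(e.get("eventID"))
    return report
```

Any event ID under `GAP_success_outside_perimeter` indicates the policy is not yet enforced for that account or that the allowed ranges differ from what was intended; `198.51.100.200` lands there because it falls outside the `/25`.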