security Priority 5/5 6/17/2026, 11:05:15 AM

AWS Sign-In Adds Support for Resource-Based Policies and Resource Control Policies

AWS has introduced support for resource-based policies and resource control policies within AWS Sign-In for the AWS Management Console. This update allows administrators to define granular access controls, such as limiting console logins exclusively to corporate network ranges or specific IP addresses. By evaluating these policies during the sign-in phase, AWS strengthens perimeter security before users can access console resources.

#aws #cloud #official

Comparison

| Aspect | Before / Alternative | After / This |
| --- | --- | --- |
| Sign-In Network Restriction | Relied on IAM user/role policies which are evaluated after the initial sign-in session is established. | Enforced at the AWS Sign-In boundary using resource-based policies and RCPs during the authentication flow. |
| Centralized Governance | Required managing IP restrictions individually across various IAM policies and service control policies. | Managed centrally at the organization level using Resource Control Policies (RCPs) applied to AWS Sign-In. |
| Policy Target | IAM identities (users and roles) exclusively. | AWS Sign-In endpoint itself as a resource, allowing resource-based policy enforcement. |

Action Checklist

  1. Identify corporate network CIDR blocks and trusted IP ranges that require console access. Ensure all remote worker VPN exit points are included to prevent accidental lockouts.
  2. Draft the resource-based policy or Resource Control Policy targeting the AWS Sign-In service. Test the policy configuration in a non-production organizational unit (OU) of the AWS Organization first.
  3. Apply the policies to the production AWS Sign-In configuration or organization root. Verify that authentication is blocked from non-whitelisted external networks.
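
A pre-deployment lockout check for the checklist above, as an added example (not code from AWS or from the source): it reads a draft policy and reports which trusted addresses would be denied and which external ones would get through. It assumes the restriction is written as a Deny statement with `NotIpAddress` on `aws:SourceIp`; the action name is a placeholder because this page does not name the Sign-In actions, and every address is constructed from documentation ranges.

```python
import ipaddress
import json

# Constructed draft policy (assumption: Deny + NotIpAddress on aws:SourceIp).
# The Action value is a placeholder; this page does not name Sign-In actions.
DRAFT_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny", "Principal": "*",
    "Action": "PLACEHOLDER_SIGNIN_ACTION", "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24", "198.51.100.16/28"]}}
  }]
}""")

def ip_conditions(policy):
    """Yield the CIDR list of each Deny statement that uses NotIpAddress on aws:SourceIp."""
    stmts = policy["Statement"]
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Deny":
            continue
        for key, value in stmt.get("Condition", {}).get("NotIpAddress", {}).items():
            if key.lower() == "aws:sourceip":  # condition key names are case-insensitive
                values = [value] if isinstance(value, str) else value
                yield [ipaddress.ip_network(v, strict=False) for v in values]

def would_deny(policy, source_ip):
    """True if any such Deny statement applies, i.e. the IP is outside all of its CIDRs.
    Only this one condition is modelled; other operators in a statement are ignored."""
    ip = ipaddress.ip_address(source_ip)
    return any(not any(ip in net for net in nets) for nets in ip_conditions(policy))

def preflight(policy, must_allow, must_block):
    """Return (locked_out, leaked): trusted IPs denied, untrusted IPs not denied."""
    locked_out = [ip for ip in must_allow if would_deny(policy, ip)]
    leaked = [ip for ip in must_block if not would_deny(policy, ip)]
    return locked_out, leaked

# Constructed test points: VPN exits that must keep access, and an outside address.
VPN_EXITS = ["203.0.113.10", "198.51.100.20", "198.51.100.40", "2001:db8::1"]
EXTERNAL = ["192.0.2.77"]

if __name__ == "__main__":
    locked_out, leaked = preflight(DRAFT_POLICY, VPN_EXITS, EXTERNAL)
    print("trusted addresses that would be locked out:", locked_out)
    print("external addresses that would not be blocked:", leaked)
```

The sample run flags an exit address just outside the /28 and an IPv6 exit that no IPv4 range can cover, the two omissions step 1 warns about.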

Source: AWS What's New

This page summarizes the original source. Check the source for full details.
