diff --git a/docker-container-scan.sh b/docker-container-scan.sh
new file mode 100644
index 0000000..4d8ccf7
--- /dev/null
+++ b/docker-container-scan.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker ps -ef
diff --git a/us-regions-only-group-exception.policy b/us-regions-only-group-exception.policy
new file mode 100644
index 0000000..b67262d
--- /dev/null
+++ b/us-regions-only-group-exception.policy
@@ -0,0 +1,37 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "DenyAllOutsideUS",
+ "Effect": "Deny",
+ "NotAction": [
+ "iam:*",
+ "organizations:*",
+ "route53:*",
+ "budgets:*",
+ "waf:*",
+ "cloudfront:*",
+ "globalaccelerator:*",
+ "importexport:*",
+ "support:*",
+ "sts:*"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringNotEquals": {
+ "aws:RequestedRegion": [
+ "us-east-1",
+ "us-east-2",
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "StringNotLike": {
+ "aws:PrincipalArn": [
+ "arn:aws:iam::*:role/NetIDSuperAdmistratorAccess",
+ "arn:aws:iam::*:role/NetIDCloudTeamAccess"]
+ }
+ }
+ }
+ ]
+}
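Review bot: `docker ps -ef` on the second line of docker-container-scan.sh looks like a ps(1) habit rather than a valid docker invocation: `docker ps` has no `-e` flag and its `-f`/`--filter` requires an argument, so as far as I can tell this exits with an unknown-shorthand-flag error and lists nothing. If the intent is an inventory of containers (the name says "scan" but nothing here scans), `docker ps -a --format '{{.ID}}\t{{.Image}}\t{{.Status}}'` gives all containers including stopped ones, and `set -euo pipefail` after the shebang makes the failure visible to whatever calls the script instead of a zero exit. A one-line header comment stating what the script is meant to produce would help too, e.g. `# List every container on this host (running and stopped) for later review.`.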
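Review bot: The exempted role name `arn:aws:iam::*:role/NetIDSuperAdmistratorAccess` in the aws:PrincipalArn condition appears misspelled ("Admistrator"); if the real role is `NetIDSuperAdministratorAccess` the StringNotLike never matches it and the region deny silently applies to super administrators too, so the exact role name should be verified against IAM before this is attached. Separately, because `iam:*` is itself in NotAction and the account portion of both exempted ARNs is a wildcard, any principal with iam:CreateRole in an account this policy governs can create a role named `NetIDCloudTeamAccess` and assume it to escape the restriction — presumably this is meant as an SCP, in which case a companion Deny on iam role actions against `arn:aws:iam::*:role/NetID*` for non-exempt principals would close that gap. Note also that principals not covered by the exemption lose access to global services not in the NotAction list (for example `account:*`, `health:*`, `ce:*`), which may or may not be intended. Minor style point: the closing `]` of the aws:PrincipalArn array sits on the last element's line, unlike every other array in the document.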