Posted On: Jun 17, 2019

You can now set endpoint policies on AWS interface endpoints. Amazon VPC endpoint policy is an AWS Identity and Access Management (AWS IAM) resource policy that you can attach to an endpoint when you create or modify the endpoint. If you do not attach a policy when you create an endpoint, a default policy gets attached for you to allow full access to the service. The Amazon VPC endpoint policy defines which principal can perform which actions on which resources. An endpoint policy does not override or replace IAM user policies or service-specific policies. It is a separate policy for controlling access from the endpoint to the specified service.

Endpoint policies are currently supported by CodeBuild, CodeCommit, ELB API, SQS, SNS, CloudWatch Logs, API Gateway, SageMaker notebooks, SageMaker API, SageMaker Runtime, Cloudwatch Events and Kinesis Firehose.

To learn about more about endpoint policies see the Amazon VPC documentation. To learn about Amazon VPC interface endpoints, see the AWS PrivateLink documentation.