Announcing support for fine-grained IAM permissions for PrivateLink interface endpoints

Posted on: Apr 8, 2020

VPC interface endpoints (powered by AWS PrivateLink) and gateway endpoints now support additional IAM condition keys. With this launch, you can use the IAM condition key ec2:VpceServiceOwner to restrict creation of interface endpoints to either AWS services or services owned by specific AWS accounts. You can also restrict endpoint creation to specific services by using the ec2:VpceServiceName condition key in your IAM policies. Additionally, you can control actions on your VPC endpoints and endpoint services based on existing tags on resources such as VPCs and subnets using the ec2:ResourceTag condition key.
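As an added illustration (not a policy from the announcement or from AWS documentation), the identity-based policy below combines the three condition keys described above. The account ID 111122223333, the region us-east-1, the allowed service names, and the Environment=dev tag are constructed placeholders. The first statement allows endpoint creation only for AWS-owned services named in the list; the second allows the accompanying VPC and subnet resources only when they carry the expected tag; the third covers the remaining resource types the action is evaluated against; the final Deny is a guardrail so that no other attached policy can reopen endpoint creation to an arbitrary service owner.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEndpointOnlyForApprovedAwsServices",
      "Effect": "Allow",
      "Action": "ec2:CreateVpcEndpoint",
      "Resource": "arn:aws:ec2:us-east-1:111122223333:vpc-endpoint/*",
      "Condition": {
        "StringEquals": {
          "ec2:VpceServiceOwner": "amazon",
          "ec2:VpceServiceName": [
            "com.amazonaws.us-east-1.s3",
            "com.amazonaws.us-east-1.kms",
            "com.amazonaws.us-east-1.sts"
          ]
        }
      }
    },
    {
      "Sid": "AllowOnlyInTaggedVpcAndSubnets",
      "Effect": "Allow",
      "Action": "ec2:CreateVpcEndpoint",
      "Resource": [
        "arn:aws:ec2:us-east-1:111122223333:vpc/*",
        "arn:aws:ec2:us-east-1:111122223333:subnet/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "dev"
        }
      }
    },
    {
      "Sid": "AllowOtherResourceTypesTheActionTouches",
      "Effect": "Allow",
      "Action": "ec2:CreateVpcEndpoint",
      "Resource": [
        "arn:aws:ec2:us-east-1:111122223333:security-group/*",
        "arn:aws:ec2:us-east-1:111122223333:route-table/*"
      ]
    },
    {
      "Sid": "DenyEndpointsToNonAwsServiceOwners",
      "Effect": "Deny",
      "Action": "ec2:CreateVpcEndpoint",
      "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:VpceServiceOwner": "amazon"
        }
      }
    }
  ]
}
```

Two points worth checking when adapting this. First, ec2:CreateVpcEndpoint is authorized against several resource types (the endpoint itself plus the VPC, subnets, security groups or route tables it references), and the service-owner and service-name keys are only present in the request context for the vpc-endpoint resource; putting those keys on a statement that also names vpc/* or subnet/* makes a StringEquals test fail for those resources and the whole call is denied. Keep the service conditions on the vpc-endpoint statement and the tag conditions on the statements for tagged resources, as above. Second, the Deny uses StringNotEquals so that a request in which the key is absent is still denied, which is the safe direction for a guardrail; to permit a partner's endpoint service, replace "amazon" with a list that includes the partner's account ID in both the Allow and the Deny.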

These IAM condition keys are available in all AWS regions. To learn more about IAM condition keys for VPC endpoints, please visit the documentation.