Posted On: Jan 19, 2021

Amazon Elastic Container Service (ECS) now lets you attach IAM resource policies to VPC Endpoints. This allows you to control access to your ECS resources from VPC Endpoints, helping you meet compliance and regulatory requirements. 

By configuring Amazon ECS to use an interface VPC endpoint, you can improve VPC security by restricting traffic between your VPC and ECS to the Amazon network. Previously, there was no way to restrict access to ECS from VPC Endpoints. With this feature, you can attach an IAM resource policy that controls the Amazon ECS actions (RunTask, CreateService, etc.) that may be performed, the principal that may perform the actions, and the resources on which the actions may be performed.
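As an added illustration (not taken from this announcement or from the AWS documentation), an endpoint policy of this kind could allow a single deployment role to call only RunTask and CreateService through the endpoint, and only against one task definition family and one cluster's services. The account ID, region, role name, task definition family and cluster name are constructed placeholders, which the `Sid` value also flags.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExamplePlaceholderValuesAllowDeployerOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/example-deployer"
      },
      "Action": [
        "ecs:RunTask",
        "ecs:CreateService"
      ],
      "Resource": [
        "arn:aws:ecs:us-east-1:111122223333:task-definition/example-app:*",
        "arn:aws:ecs:us-east-1:111122223333:service/example-cluster/*"
      ]
    }
  ]
}
```

Because the policy contains only this Allow statement, any other principal, action or resource is implicitly denied when the request arrives through the endpoint. The endpoint policy filters requests but grants nothing on its own, so the role's identity-based IAM policy must still allow the same actions.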

VPC Endpoint Policy support is available in all regions where ECS is available. To learn more, visit our documentation.