Posted On: Mar 23, 2020

Amazon Elastic Compute Cloud (EC2) now lets you attach IAM resource policies to your VPC endpoints. VPC Endpoint policies can help you meet compliance and regulatory requirements by granularly controlling access to Amazon EC2 APIs.

You can use a VPC endpoint policy to define the Amazon EC2 actions (RunInstances, CreateVolume, etc.) that may be performed, the principal that may perform the actions, and the resources on which the actions may be performed. The list of resource types supported for each EC2 action can be found in the Amazon EC2 IAM policy documentation.
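The three elements described above (action, principal, resource) can be checked mechanically before a policy is attached. The following is an added example, not code from AWS or from this announcement: it audits an endpoint policy document for wildcards in `Allow` statements. The function names, account ID, role name and region are assumptions made for illustration, and `Condition` blocks are not evaluated.

```python
import json

# Constructed sample: an allow-everything policy, which is what an endpoint
# effectively has when no restrictive policy is attached.
FULL_ACCESS = json.loads(
    '{"Statement": [{"Effect": "Allow", "Principal": "*",'
    ' "Action": "*", "Resource": "*"}]}'
)

# Constructed sample: one role may create volumes in one account and region.
# Account ID, role name and region are placeholders.
SCOPED = json.loads("""
{"Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleProvisioner"},
  "Action": ["ec2:CreateVolume"],
  "Resource": "arn:aws:ec2:us-east-1:111122223333:volume/*"
}]}
""")


def _as_list(value):
    """IAM lets most elements be either a single value or a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_endpoint_policy(policy):
    """Return (statement_index, element) for each wildcard in an Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if _principal_is_wildcard(stmt.get("Principal")):
            findings.append((i, "Principal"))
        actions = [str(a).lower() for a in _as_list(stmt.get("Action", []))]
        if any(a in ("*", "ec2:*") for a in actions):
            findings.append((i, "Action"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "Resource"))
    return findings


if __name__ == "__main__":
    for name, doc in (("FULL_ACCESS", FULL_ACCESS), ("SCOPED", SCOPED)):
        print(name, audit_endpoint_policy(doc))
```

A wildcard finding is a prompt for review rather than an automatic failure: some EC2 actions do not support resource-level permissions and must use `"Resource": "*"`.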

VPC endpoint policies for Amazon EC2 are available in all public AWS regions. You can get started with endpoint policies by creating a VPC endpoint for Amazon EC2, or by adding a policy to an existing VPC endpoint. For more information about using VPC endpoint policies, see the Amazon EC2 documentation.