AWS Security ChangesHomeSearch

AWS verifiedpermissions medium security documentation change

Service: verifiedpermissions · 2025-03-10 · Security-related medium

File: verifiedpermissions/latest/userguide/vpc-interface-endpoints.md

Summary

Added documentation for creating endpoint policies to control access to Verified Permissions through VPC interface endpoints, including an example policy

Security assessment

The change introduces endpoint policy configuration to restrict access to specific VerifiedPermissions actions, directly addressing security controls for VPC interface endpoints. The example policy shows explicit security configuration.

Diff

diff --git a/verifiedpermissions/latest/userguide/vpc-interface-endpoints.md
index 884e98aa8..1f96da732 100644
--- a/verifiedpermissions/latest/userguide/vpc-interface-endpoints.md
+++ b/verifiedpermissions/latest/userguide/vpc-interface-endpoints.md
@@ -5 +5 @@
-ConsiderationsCreate an interface endpoint
+ConsiderationsCreate an interface endpointCreate an endpoint policy
@@ -33,0 +34,37 @@ If you enable private DNS for the interface endpoint, you can make API requests
+## Create an endpoint policy for your interface endpoint
+
+An endpoint policy is an IAM resource that you can attach to an interface endpoint. The default endpoint policy allows full access to Verified Permissions through the interface endpoint. To control the access allowed to Verified Permissions from your VPC, attach a custom endpoint policy to the interface endpoint.
+
+An endpoint policy specifies the following information:
+
+  * The principals that can perform actions (AWS accounts, IAM users, and IAM roles).
+
+  * The actions that can be performed.
+
+  * The resources on which the actions can be performed.
+
+
+
+
+For more information, see [Control access to services using endpoint policies](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html) in the _AWS PrivateLink Guide_.
+
+###### Example: VPC endpoint policy for Verified Permissions actions
+
+The following is an example of a custom endpoint policy. When you attach this policy to your interface endpoint, it grants access to the listed Verified Permissions actions for all principals on all resources.
+    
+    
+    {
+       "Statement": [
+          {
+             "Principal": "*",
+             "Effect": "Allow",
+             "Action": [
+                "verifiedpermissions:IsAuthorized",
+                "verifiedpermissions:IsAuthorizedWithToken",
+                "verifiedpermissions:GetPolicy"
+             ],
+             "Resource":"*"
+          }
+       ]
+    }
+