AWS Security ChangesHomeSearch

AWS datasync documentation change

Service: datasync · 2025-10-01 · Documentation low

File: datasync/latest/userguide/managing-access-overview.md

Summary

Added documentation about VPC endpoint policies for DataSync API access control

Security assessment

Documents security feature (VPC endpoint policies) for restricting DataSync API operations through service endpoints. Enhances security documentation but does not fix a specific vulnerability.

Diff

diff --git a/datasync/latest/userguide/managing-access-overview.md b/datasync/latest/userguide/managing-access-overview.md
index de3c8cb41..05a0e90c8 100644
--- a//datasync/latest/userguide/managing-access-overview.md
+++ b//datasync/latest/userguide/managing-access-overview.md
@@ -5 +5 @@
-DataSync resources and operationsUnderstanding resource ownershipManaging access to resourcesSpecifying policy elements: Actions, effects, resources, and principalsSpecifying conditions in a policy
+DataSync resources and operationsUnderstanding resource ownershipManaging access to resourcesSpecifying policy elements: Actions, effects, resources, and principalsSpecifying conditions in a policyEndpoint policy
@@ -26,0 +27,2 @@ An _account administrator_ is a user with administrator privileges in an AWS acc
+  * Creating an VPC endpoint policy 
+
@@ -152,0 +155,38 @@ To express conditions, you use predefined condition keys. There are no condition
+## Creating an VPC endpoint policy 
+
+VPC endpoint policies help control access to DataSync API operations through DataSync VPC service endpoints and FIPS-enabled VPC service endpoints. VPC endpoint policies allow you to restrict specific DataSync API actions accessed through your VPC service endpoints, such as `CreateTask` or `StartTaskExecution`.
+
+An endpoint policy specifies the following information:
+
+  * The principals that can perform actions.
+
+  * The actions that can be performed.
+
+  * The resources on which actions can be performed.
+
+
+
+
+For more information, see [Control access to VPC endpoints using endpoint policies](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html)
+
+###### Example policy
+
+The following is an example of a endpoint policy.
+    
+    
+    {
+        "Version": "2012-10-17",		 	 	 
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Principal": "*",
+            "Action": [
+              "datasync:CreateTask",
+              "datasync:StartTaskExecution",
+              "datasync:DescribeTask"
+            ],
+            "Resource": "arn:aws:datasync:us-east-1:123456789012:task/*"
+         }
+       ]
+    }
+