AWS vpc documentation change
Summary
Added JSON example for VPC endpoint creation policy with service name condition
Security assessment
Provides concrete example of security-focused IAM policy configuration for network security
Diff
diff --git a/vpc/latest/privatelink/security_iam_id-based-policy-examples.md b/vpc/latest/privatelink/security_iam_id-based-policy-examples.md index 40529ca05..007ade49e 100644 --- a//vpc/latest/privatelink/security_iam_id-based-policy-examples.md +++ b//vpc/latest/privatelink/security_iam_id-based-policy-examples.md @@ -133,0 +134,38 @@ You can use the `ec2:VpceServiceName` condition key to control what VPC endpoint +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "ec2:CreateVpcEndpoint", + "Resource": [ + "arn:aws:ec2:us-east-1:111111111111:vpc/*", + "arn:aws:ec2:us-east-1:111111111111:security-group/*", + "arn:aws:ec2:us-east-1:111111111111:subnet/*", + "arn:aws:ec2:us-east-1:111111111111:route-table/*" + ] + }, + { + "Effect": "Allow", + "Action": "ec2:CreateVpcEndpoint", + "Resource": [ + "arn:aws:ec2:us-east-1:111111111111:vpc-endpoint/*" + ], + "Condition": { + "StringEquals": { + "ec2:VpceServiceName": [ + "com.amazonaws.111111111111.s3" + ] + } + } + } + ] + } + +