Amazon_VPC_23
Services with sensitive information are connected to VPC Endpoint. Determine the specific actions needed by the endpoint, and then craft IAM policy with the required permissions.
From Portal:
Default policy allows vpc resources full access to the services behind the endpoint. We should limit this policy and follow least privilege guidelines. Perform the following steps in order to set a new VPC Endpoint policy via AWS Console:
1. Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/
2. Choose Endpoints from the left VPC navigation panel
3. Choose relevant endpoint and click Actions
4. Edit the policy.
Note: You can use AWS policy generator tool: https://awspolicygen.s3.amazonaws.com/policygen.html
From Command Line:
aws ec2 modify-vpc-endpoint –vpc-endpoint-id Endpoint_ID –policy-document Path_to_JSON_file_with_updated_policy
References:
1. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html
2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-vpc-endpoint.html
Want to Know More?
Learn how our partners are managing their cloud security and compliance with Cloudlytics.
I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.
