Posted On: Mar 27, 2020

Amazon Elastic Compute Cloud (EC2) now lets you attach IAM resource policies to your VPC endpoints. VPC Endpoint policies can help you meet compliance and regulatory requirements by granularly controlling access to Amazon EC2 APIs. 

You can use a VPC endpoint policy to define the Amazon EC2 actions (RunInstances, CreateVolume, etc) that may be performed, the principal that may perform the actions, and the resources on which the actions may be performed. The list of resource types supported for each EC2 action can be found in the Amazon EC2 IAM policy documentation

VPC endpoint policies for Amazon EC2 are available in all public Amazon Web Services regions including Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD. You can get started with endpoint policies by creating a VPC endpoint for Amazon EC2, or by adding a policy to an existing VPC endpoint. For more information about using VPC endpoint policies, see the Amazon EC2 documentation