Restricting AWS Service Access with VPC Endpoint Policies

We're using S3 and Bedrock from our production VPC, and the security team has asked us to restrict the resources and actions callable through VPC Endpoints to the minimum necessary privileges.

For example, we want the S3 VPC Endpoint to only allow access to specific buckets, and the Bedrock VPC Endpoint to only allow inference API calls for specific models. Is this achievable with VPC Endpoint Policies?

asked a month ago, 88 views
1 Answer
Accepted Answer

Yes, VPC Endpoint Policies allow you to granularly restrict the resources and actions for API calls passing through the endpoint.

It's important to understand that VPC Endpoint Policies don't replace IAM policies — they act as an additional filter. A call must be allowed by both the IAM policy and the VPC Endpoint Policy to succeed.

Example 1: S3 Gateway Endpoint — Allow Only a Specific Bucket

Apply the following policy to the S3 Gateway Endpoint:

  • Action: s3:GetObject, s3:PutObject, s3:ListBucket
  • Resource: arn:aws:s3:::my-prod-data-bucket and arn:aws:s3:::my-prod-data-bucket/*
  • This ensures that no bucket other than my-prod-data-bucket can be accessed through this VPC's S3 Endpoint. Even if IAM grants permissions to other buckets, the Endpoint Policy blocks them.

Example 2: Bedrock Runtime Interface Endpoint — Allow Only Specific Models

Apply the following policy to the com.amazonaws.<region>.bedrock-runtime endpoint:

  • Action: bedrock:InvokeModel, bedrock:InvokeModelWithResponseStream, bedrock:Converse, bedrock:ConverseStream
  • Resource: Specify only specific model ARNs (e.g., anthropic.claude-sonnet-4-20250514-v1:0, amazon.titan-embed-text-v2:0)

Important Notes

  • When you write an Endpoint Policy as Allow-based (allowlist), all resources/actions not explicitly allowed are implicitly denied.
  • If using Cross-Region Inference Profiles, the Resource ARN takes the form arn:aws:bedrock:<region>:<account-id>:inference-profile/*, which must be allowed separately.
  • For S3 Gateway Endpoints, adding the aws:sourceVpce condition key to the S3 Bucket Policy lets you restrict access on the bucket side to only allow traffic through that specific VPC Endpoint.
  • Endpoint Policy changes may take a few seconds to a few minutes to propagate. Wait briefly before testing.
  • If you're currently running with a Full Access policy (Allow *), suddenly applying a restrictive policy can cause service outages. It's recommended to first analyze actual call patterns in CloudTrail, then add only the necessary actions/resources to the allow list.
AWS
answered a month ago
EXPERT
reviewed a month ago
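The "both policies must allow" rule from the answer above, shown as an added example that is not part of the answer or any AWS tooling: the two endpoint policies are written out as the answer describes them, and a deliberately simplified evaluator (Allow statements with `*` wildcards, implicit deny, no Deny statements or Conditions) checks an IAM-allowed call against the endpoint policy. Region `us-east-1`, account id `123456789012` and the broad IAM policy are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed S3 Gateway Endpoint policy: only my-prod-data-bucket is reachable.
S3_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::my-prod-data-bucket",
                     "arn:aws:s3:::my-prod-data-bucket/*"],
    }],
}

# Constructed bedrock-runtime Interface Endpoint policy: one foundation model
# plus the cross-region inference profiles (placeholder region/account).
BEDROCK_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream",
                   "bedrock:Converse", "bedrock:ConverseStream"],
        "Resource": [
            "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0",
            "arn:aws:bedrock:us-east-1:123456789012:inference-profile/*",
        ],
    }],
}

# Constructed "Full Access" IAM policy, the situation the last bullet warns about.
IAM_FULL_ACCESS = {"Version": "2012-10-17",
                   "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def policy_allows(policy, action, resource):
    """Simplified allowlist check: True if any Allow statement matches both the
    action and the resource (policy wildcards via fnmatch); otherwise implicit deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        res = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatchcase(action, a) for a in acts) and any(fnmatchcase(resource, r) for r in res):
            return True
    return False


def call_allowed(iam_policy, endpoint_policy, action, resource):
    """A call through the endpoint succeeds only if BOTH policies allow it."""
    return policy_allows(iam_policy, action, resource) and policy_allows(endpoint_policy, action, resource)
```

Run `call_allowed(IAM_FULL_ACCESS, S3_ENDPOINT_POLICY, "s3:GetObject", "arn:aws:s3:::other-bucket/x")` to see the endpoint policy block a call IAM alone would permit.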
