如何通过VPC端点禁用对非AWS服务的访问

0

【以下的问题经过翻译处理】是否有办法防止在AWS PrivateLink中创建非AWS服务的VPC端点？客户想要白名单PrivateLink，并确保没有人可以使用PrivateLink连接到非AWS服务。IAM策略中的条件键[ec2:VpceServiceName]（https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-iam.html）应该可以实现，但这会阻止管理员为非AWS服务创建任何端点吗？

Topics

Networking & Content Delivery

Tags

AWS PrivateLink

Language

中文 (简体)

EXPERT

rePost Polyglot

asked 6 months ago25 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

【以下的回答经过翻译处理】您可以在“CreateVpcEndpoint”端点的权限条件中添加一个条件，即ServiceName不包含“com.amazonaws.vpce”，以阻止创建面向客户创建的端点服务的端点。

EXPERT

rePost Polyglot

answered 6 months ago

Relevant content

多网络接口，多ip地址配置路由策略，从那个公网ip进入就从对应的ip出去。
rePost-User-8489725
asked a year ago
sagemaker美国人口普查数据在中国宁夏区下载提示拒绝访问
LiuChuang
asked a year ago
怎样通过CloudFormation来给DocumentDB创建一些表和索引(how to create some table and index in DocumentDB by CloudFormation）
Accepted Answer
Dgk
asked 10 months ago
如何讓 IAM 使用者只看的到自己建立的資源 ( How to allow IAM users to only see resources they have created.)
Accepted Answer
kerokero
asked 2 months ago
How do I set up end-to-end HTTPS connectivity with AWS PrivateLink?
AWS OFFICIALUpdated 2 years ago
How do I delete my Network Load Balancer that's associated with VPC endpoint services (PrivateLink)?
AWS OFFICIALUpdated 2 years ago
How can I restrict access to AWS resources based on the AWS Region, source IP address, or Amazon VPC?
AWS OFFICIALUpdated 2 years ago
How do I configure cross-Region Amazon VPC interface endpoints to access AWS PrivateLink resources?
AWS OFFICIALUpdated 7 months ago
Using AWS Private Link for application integration
EXPERT
Tedy_T
published 2 years ago
How to troubleshoot connectivity issues between AWS VPC and on-premises via AWS Direct Connect Transit VIF
EXPERT
Narinder Singh Kharbanda
published 8 months ago