AWS Identity and Access Management (IAM) now offers three new global condition keys that will make it easier for you to establish a network perimeter. The new condition keys – aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID – help you ensure that requests to your AWS resources or by your identities are made through your VPC endpoints.
The condition keys provide you with varied levels of granularity, enabling you to implement your network perimeter controls at an account, organization path, and entire organization level. The controls automatically scale with your VPC usage, eliminating the need to enumerate VPC endpoints or update policies as you add or remove them. You can use these condition keys with both new and existing service control policies (SCPs), resource control policies (RCPs), resource-based policies, and identity-based policies.
The condition keys are supported for a select set of AWS services and are available in all commercial AWS Regions where those services support AWS PrivateLink.
To learn more about these new condition keys and supported services, please visit the AWS IAM documentation and AWS blog.
Categories: general:products/aws-iam,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- MC1309747: Planner Arrives in Outlook and Microsoft 365 Copilot for Streamlined Task Management

- MC1247902: SharePoint Adds AI Citations Analytics for Documents, Pages, and Site Usage

- MC1392559: Microsoft Teams Adds In-Product Guidance for Screen Sharing Issues on macOS

- MC1401303: Microsoft Teams Adds Events Templates with “Optimize for Large Audience” and Policy-Based Controls






