AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, that enables customers to enforce region-based access controls for resources accessed through AWS PrivateLink. This condition key returns the ARN of the VPC where the VPC endpoint is attached, allowing customers to verify whether requests travel through a specific VPC and implement controls on private access to their resources in same-region or cross-region scenarios.
Customers can use aws:SourceVpcArn in policies to ensure resources are only accessible from VPC endpoints in specific regions, helping enforce data residency requirements. For example, you can attach a policy to an Amazon S3 bucket that restricts access to requests made through VPC endpoints in designated regions only.
The aws:SourceVpcArn condition key is available in all commercial AWS Regions. For a complete list of supported AWS services and to learn more, please refer to the IAM User Guide.
Categories: general:products/aws-iam,marketing:marchitecture/management-tools
Source: Amazon Web Services
Latest Posts
- Amazon EC2 X2iedn instances now available in AWS Europe (Zurich) region
- External authentication methods (EAM) – Public preview update [MC1192252]
- (Updated) New Copilot button in file previewer for OneDrive and SharePoint [MC1182707]
- (Updated) Microsoft Teams: Chat with anyone with an email address [MC1182004]
