restrict s3 access from specific vpc endpoint iam policy

100daysofdevops · 100daysofdevops · commit 3c6560b705d5 · 2022-11-06T20:00:26.000-08:00
diff --git a/iam_policies/6-2-restrict-s3-access-from-specific-vpc-endpoint.json b/iam_policies/6-2-restrict-s3-access-from-specific-vpc-endpoint.json
@@ -0,0 +1,23 @@
+{
+  "Id": "VPCe",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "VPCe",
+      "Action": "s3:*",
+      "Effect": "Deny",
+      "Resource": [
+        "arn:aws:s3:::example-bucket",
+        "arn:aws:s3:::example-bucket/*"
+      ],
+      "Condition": {
+        "StringNotEquals": {
+          "aws:SourceVpce": [
+            "vpce-1111111"
+          ]
+        }
+      },
+      "Principal": "*"
+    }
+  ]
+}
