By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

S3 Bucket Policies

Restrict Access to S3 Bucket to a Specific VPC Endpoint

An S3 Bucket policy that denies all access to the bucket if the specified VPC endpoint is not being used to access the S3 bucket.

AWS Documentation: Example Bucket Policies for VPC Endpoints for Amazon S3
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::/*",
                "arn:aws:s3:::"
            ],
            "Effect": "Deny",
            "Condition": {
                "StringNotEquals": {
                    "aws:sourceVpce": ""
                }
            }
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field