An S3 Bucket policy that denies all access to the bucket if the specified VPC endpoint is not being used to access the S3 bucket.

Configuration Templates

Missing Parameters
    "Version": "2012-10-17",
    "Statement": [
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
            "Effect": "Deny",
            "Condition": {
                "StringNotEquals": {
                    "aws:sourceVpce": ""


Customize Template

Policy Parameters

* Required field

Sources and Documentation

Configuration Source: AWS Documentation: Example Bucket Policies for VPC Endpoints for Amazon S3

Additional Documentation:


© 2020 asecurecloud Inc. All Rights Reserved.