Harden your VPC endpoint by restricting AWS actions that can be invoked through it.
VPC endpoints can be hardened by setting a non-default VPC endpoint policy, limiting the AWS actions that can be taken when an AWS service is invoked through this VPC endpoint.
Follow the AWS console documentation, Add or remove permissions for your endpoint service.
1. Edit your existing Amazon VPC endpoint access policy and replace untrusted AWS identifiers. To create a new policy document, use the AWS policy generator.

```json
{
  "Id": "insert-vpc-policy-id",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "*",
      "Effect": "Allow",
      "Resource": "*",
      "Principal": {
        "AWS": [
          "insert-allowed-arns"
        ]
      }
    }
  ]
}
```

2. Run the `modify-vpc-endpoint` command with your VPC endpoint ID and the updated or new policy document to replace the existing policy.

```shell
aws ec2 modify-vpc-endpoint \
  --region insert-region-here \
  --vpc-endpoint-id insert-vpc-endpoint-id \
  --policy-document file://insert-new-vpc-policy-filename.json
```

3. Repeat steps 1 and 2 for all non-compliant VPC endpoints in the current region.
4. Repeat steps 1 and 2 for all non-compliant VPC endpoints in other regions.
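To find the endpoints that still need steps 1 and 2, the following added example (written for this page, not Datadog's or AWS's own code) checks endpoint policy documents for the default allow-all shape, where an `Allow` statement grants every principal every action on every resource. It assumes endpoint records with the `VpcEndpointId` and `PolicyDocument` keys that `aws ec2 describe-vpc-endpoints` returns; the two sample endpoints, their IDs and the account ID in the ARN are constructed.

```python
import json

# Constructed sample records in the shape of `describe-vpc-endpoints` output.
# The first keeps the default policy; the second has the restricted policy
# from the remediation steps with a placeholder trusted role filled in.
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0example1", "PolicyDocument": json.dumps({
        "Version": "2008-10-17",
        "Statement": [{"Effect": "Allow", "Principal": "*",
                       "Action": "*", "Resource": "*"}]})},
    {"VpcEndpointId": "vpce-0example2", "PolicyDocument": json.dumps({
        "Id": "restrict-to-trusted-roles",
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*",
                       "Principal": {"AWS": [
                           "arn:aws:iam::123456789012:role/ExampleAppRole"]}}]})},
]

def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principal_is_wildcard(principal):
    """True for "*" or {"AWS": "*"} / {"AWS": ["*"]}, i.e. any principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def is_default_full_access(policy):
    """True when an Allow statement grants any principal any action on any resource."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if (_principal_is_wildcard(stmt.get("Principal"))
                and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            return True
    return False

def non_compliant_endpoints(endpoints):
    """Return the IDs of endpoints whose policy is still the default allow-all."""
    flagged = []
    for ep in endpoints:
        doc = ep.get("PolicyDocument")
        if not doc:
            continue  # services that do not support endpoint policies return none
        policy = json.loads(doc) if isinstance(doc, str) else doc
        if is_default_full_access(policy):
            flagged.append(ep["VpcEndpointId"])
    return flagged
```

Feed the function the `VpcEndpoints` list from `describe-vpc-endpoints` for each region to get the IDs to remediate.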