Require organization membership to access VPC resources - AWS Prescriptive Guidance

Require organization membership to access VPC resources


This VPC endpoint policy allows only AWS Identity and Access Management (IAM) principals that belong to the o-1abcde123 organization to use the endpoint, and only to reach Amazon Simple Storage Service (Amazon S3) resources that are owned by an account in that same organization. Both conditions must hold for a request to pass: aws:PrincipalOrgID is evaluated against the identity making the request, and aws:ResourceOrgID against the owner of the bucket or object being accessed. A principal inside your organization therefore cannot use the endpoint to copy data to a bucket outside it, and a principal outside your organization cannot use it to read your buckets; anonymous requests carry neither key and are rejected as well. An endpoint policy only filters traffic that passes through the endpoint. It grants no permissions on its own (the principal still needs IAM or bucket-policy permissions), and it does not constrain S3 access that bypasses the endpoint, which is why it is paired with bucket policies that restrict access to the endpoint (for example with the aws:SourceVpce condition key). This preventative control helps establish a zone of trust and define the personal data perimeter. For more information about how this policy can help protect privacy and personal data in your organization, see AWS PrivateLink in this guide.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOnlyIntendedResourcesAndPrincipals",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalOrgID": "o-1abcde123",
                    "aws:ResourceOrgID": "o-1abcde123"
                }
            }
        }
    ]
}
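A practitioner applying this control across many endpoints usually wants a check that the policy actually attached to each endpoint still carries both organization conditions. The following script is an added example, not code from the AWS Prescriptive Guidance page: it audits a policy document and reports any Allow statement that does not pin both aws:PrincipalOrgID and aws:ResourceOrgID to the expected organization under StringEquals. The sample policy documents are constructed for the example (GOOD_POLICY mirrors the guide's policy; the others are deliberately weaker); in a real audit the documents would come from the PolicyDocument field returned by `aws ec2 describe-vpc-endpoints`.

```python
"""Audit VPC endpoint policy documents for the organization-membership control.

Added example, not code from the AWS Prescriptive Guidance page. It checks that
every Allow statement pins both aws:PrincipalOrgID and aws:ResourceOrgID to the
expected organization under StringEquals. The policy documents below are
constructed for the example; in practice they would be the PolicyDocument
field returned by `aws ec2 describe-vpc-endpoints` for each endpoint.
"""
import json

EXPECTED_ORG = "o-1abcde123"  # organization ID used in the guide
REQUIRED_KEYS = ("aws:PrincipalOrgID", "aws:ResourceOrgID")

# Mirrors the guide's policy: both conditions present, one organization.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowOnlyIntendedResourcesAndPrincipals",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:PrincipalOrgID": EXPECTED_ORG,
            "aws:ResourceOrgID": EXPECTED_ORG,
        }},
    }],
})

# Constructed: the default endpoint policy, full access with no conditions.
DEFAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
})

# Constructed: checks the caller but not the resource, so an in-organization
# principal could still copy data to a bucket owned by an outside account.
HALF_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPrincipalOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": EXPECTED_ORG}},
    }],
})


def _as_list(value):
    """IAM accepts a scalar or a list for most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _string_equals_values(statement, key):
    """Values bound to `key` under StringEquals, matched case-insensitively as
    IAM matches condition keys. Only StringEquals counts: the ...IfExists
    operators evaluate to true when the key is absent (anonymous principals,
    resources outside any organization), which would defeat this control."""
    for operator, pairs in statement.get("Condition", {}).items():
        if operator != "StringEquals":
            continue
        for cond_key, cond_value in pairs.items():
            if cond_key.lower() == key.lower():
                return _as_list(cond_value)
    return []


def audit_policy(policy_document, expected_org=EXPECTED_ORG):
    """Return findings as (Sid or index, reason) tuples; [] means the policy
    meets the control. Deny statements are skipped because they only narrow
    access and cannot widen the perimeter."""
    policy = (json.loads(policy_document) if isinstance(policy_document, str)
              else policy_document)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement[{index}]")
        if stmt.get("Effect") != "Allow":
            continue
        for key in REQUIRED_KEYS:
            values = _string_equals_values(stmt, key)
            if not values:
                findings.append((sid, f"missing {key} condition"))
            elif values != [expected_org]:
                findings.append((sid, f"{key} is {values}, expected [{expected_org!r}]"))
    return findings


if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("default", DEFAULT_POLICY),
                      ("half", HALF_POLICY)):
        print(name, audit_policy(doc) or "OK")
```

The check is deliberately strict about the operator: a policy written with StringEqualsIfExists or with a list of several organization IDs is reported, because either form lets requests through that the guide's policy would reject.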