Amazon Elastic Compute Cloud (EC2) now lets you attach IAM resource policies to your VPC endpoints. VPC Endpoint policies can help you meet compliance and regulatory requirements by granularly controlling access to Amazon EC2 APIs.
You can use a VPC endpoint policy to define the Amazon EC2 actions (RunInstances, CreateVolume, etc.) that may be performed, the principal that may perform the actions, and the resources on which the actions may be performed. The list of resource types supported for each EC2 action can be found in the Amazon EC2 IAM policy documentation.
VPC endpoint policies for Amazon EC2 are available in all public AWS regions. You can get started with endpoint policies by creating a VPC endpoint for Amazon EC2, or by adding a policy to an existing VPC endpoint. For more information about using VPC endpoint policies, see the Amazon EC2 documentation.
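A sketch of what such an endpoint policy can look like, added here as an illustration and not taken from the AWS announcement. The account ID `111122223333` and the role name `ExampleProvisioningRole` are constructed placeholders: only that role may call the listed EC2 actions through the endpoint, and creating unencrypted volumes is denied for every principal.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowProvisioningRole",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/ExampleProvisioningRole"
      },
      "Action": [
        "ec2:Describe*",
        "ec2:RunInstances",
        "ec2:CreateVolume"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ExampleDenyUnencryptedVolumes",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "ec2:CreateVolume",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "ec2:Encrypted": "false"
        }
      }
    }
  ]
}
```

An endpoint policy does not grant permissions on its own; it only limits what can be done through the endpoint, so the caller's IAM identity policy must still allow the action. Any request through the endpoint that no statement allows is implicitly denied.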
You can now tag your Amazon Virtual Private Cloud (VPC) flow logs. A tag is a simple label consisting of a user-defined key and an optional value that can be used to easily manage, categorize and search for your VPC flow log subscriptions based on purpose, owner, or other such criteria.
To get started, you can specify tags while creating new VPC flow logs. You can also add, edit or delete tags on your existing VPC flow logs after creation.
This functionality is available at no additional charge through the AWS Management Console, the AWS Command Line Interface (AWS CLI) or the AWS Software Development Kit (AWS SDK). To learn more about tagging, please visit the user guide. To learn more about Amazon VPC flow logs, please refer to the documentation.
Amazon VPC Network Address Translation (NAT) gateway now supports adding tags at the time of resource creation, and tag-based access control. You can define fine-grained access controls for NAT gateways using tags and AWS Identity and Access Management (IAM) policies. Tags are simple key-value pairs that you can assign to resources to easily organize, search, and identify resources, create cost allocation reports, and control access to resources.
NAT gateway is a highly available AWS managed service that enables instances in a private subnet to connect to the internet, but prevents the internet from initiating a connection with those instances.