Restricting Access to Call Lambda Functions to a VPC Endpoint in a Service Control Policy

ACM.314 An SCP policy with multiple conditions evaluated as NOT OR or NOR

Teri Radichel
Published in Cloud Security
5 min read · Sep 18, 2023



In the last post, I was attempting to use IP addresses to restrict access using the AWS IP restrictions in a Service Control Policy. It worked for public IPs but not private IP addresses.

I felt like I was forgetting something (it happens) and, sure enough, while reading around I ran across this post:

Create an identity-based…


Written by Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award