An endpoint policy is an IAM resource that you can attach to an interface endpoint. The default endpoint policy allows full access to AWS Batch through the interface endpoint. To control the access allowed to AWS Batch from your VPC, attach a custom endpoint policy to the interface endpoint.
An endpoint policy specifies the following information:
-
The principals that can perform actions (AWS accounts, users, and IAM roles).
-
The actions that can be performed.
-
The resources on which the actions can be performed.
For more information, see Control access to services using endpoint policies in the AWS PrivateLink Guide.
Example: VPC endpoint policy for AWS Batch actions
The following is an example of a custom endpoint policy. When you attach this policy to your interface endpoint, it grants access to the listed AWS Batch actions for all principals on all resources.
{
"Statement": [
{
"Principal": "*",
"Effect": "Allow",
"Action": [
"batch:SubmitJob",
"batch:ListJobs",
"batch:DescribeJobs"
],
"Resource":"*"
}
]
}