VPCEndpointServicePermissions
The VPCEndpointServicePermissions resource lets you manage permissions for an AWS EC2 VPC Endpoint Service. This resource allows you to specify which AWS accounts can access your endpoint service. For more detailed information, visit the AWS EC2 VPCEndpointServicePermissions documentation.
Minimal Example
Section titled “Minimal Example”Create a basic VPCEndpointServicePermissions resource with required properties and allow a specific principal.
import AWS from "alchemy/aws/control";
const vpceServicePermissions = await AWS.EC2.VPCEndpointServicePermissions("vpceServicePermissions", {  AllowedPrincipals: [    "arn:aws:iam::123456789012:root" // Allow access to this AWS account  ],  ServiceId: "vpce-svc-abcdef1234567890"});Advanced Configuration
Section titled “Advanced Configuration”Configure the VPCEndpointServicePermissions with multiple principals and demonstrate adoption of an existing resource.
const advancedVpceServicePermissions = await AWS.EC2.VPCEndpointServicePermissions("advancedVpceServicePermissions", {  AllowedPrincipals: [    "arn:aws:iam::123456789012:role/MyRole", // Allow a specific IAM role    "arn:aws:iam::987654321098:root" // Allow another AWS account  ],  ServiceId: "vpce-svc-abcdef1234567890",  adopt: true // Adopt an existing resource if it already exists});Use Case: Restricting Access
Section titled “Use Case: Restricting Access”Set up the permissions to restrict access to a specific set of principals for a more controlled environment.
const restrictedVpceServicePermissions = await AWS.EC2.VPCEndpointServicePermissions("restrictedVpceServicePermissions", {  AllowedPrincipals: [    "arn:aws:iam::123456789012:role/SpecialAccessRole", // Allow a specific role    "arn:aws:iam::123456789012:role/AnotherRole" // Allow another role from the same account  ],  ServiceId: "vpce-svc-abcdef1234567890"});Use Case: Updating Permissions
Section titled “Use Case: Updating Permissions”Update the VPCEndpointServicePermissions to change the allowed principals.
const updateVpceServicePermissions = await AWS.EC2.VPCEndpointServicePermissions("updateVpceServicePermissions", {  AllowedPrincipals: [    "arn:aws:iam::123456789012:role/UpdatedRole" // Update to a different role  ],  ServiceId: "vpce-svc-abcdef1234567890"});