Creating a User and Granting VPC Endpoint Permissions

Use IAM to implement fine-grained permissions control over your VPC Endpoint resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user has their own security credentials for accessing VPC Endpoint resources.

  • Grant only the permissions required for users to perform a specific task.

  • Entrust an account or a cloud service to perform efficient O&M on your VPC Endpoint resources.

If your account does not need individual IAM users, skip this section.

This section describes the process flow for granting permissions (see Figure 1).

Prerequisites

Before granting permissions, learn about the permissions supported by VPC Endpoint (see Permissions) and choose policies or roles according to your requirements. To grant permissions for other services, learn about all Permissions supported by IAM.

Process Flow

**Figure 1** Process for granting VPC Endpoint permissions


  1. Create a user group and assign it permissions.

    On the IAM console, create a user group and attach the VPCEndpoint Administrator policy to the group.

  2. Create an IAM user and add it to the created user group.

    Create an IAM user and add it to the user group created in step 1.

  3. Log in as the IAM user and verify permissions.

    In the authorized region, perform the following operations:

    • On the Service List page, choose VPC Endpoint. Click Create VPC Endpoint in the upper right corner. If you can create a VPC endpoint, the VPCEndpoint Administrator policy has already taken effect.

    • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPCEndpoint Administrator policy has already taken effect.