Identify any fully accessible VPC endpoints and update their access policy in order to stop any unsigned requests made to the supported services and resources.
When the Principal element value is set to "*" within the access policy, the VPC endpoint allows full access to any IAM user or service within the VPC using credentials from any AWS account. Allowing access in this manner is considered bad practice and can lead to security issues.
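As an added example (not from the original page), a small Python check that evaluates a VPC endpoint policy document for the wildcard Principal described above, with a constructed open policy beside a restricted one; the account id in the restricted policy is a placeholder.

```python
import json

# Constructed sample: a fully accessible VPC endpoint policy (Principal "*").
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "*",
        "Resource": "*"
    }]
})

# Constructed sample: the same endpoint restricted to principals from one account.
# 123456789012 is a placeholder account id, not a real one.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": "*"
    }]
})


def principals(principal):
    """Flatten a Principal element ("*", {"AWS": "..."} or lists) into a list of strings."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend(value if isinstance(value, list) else [value])
    return out


def open_statements(policy_document):
    """Return Allow statements that grant access to every principal with no Condition."""
    statements = json.loads(policy_document).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for stmt in statements:
        # A Condition may narrow the grant; such statements are left for manual review.
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" in principals(stmt.get("Principal", {})):
            findings.append(stmt)
    return findings


def is_fully_accessible(policy_document):
    """True when the endpoint policy contains at least one unconditional wildcard grant."""
    return bool(open_statements(policy_document))
```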
To determine if your AWS VPC endpoints allow full access, perform the following:
To restrict access to your Amazon VPC endpoints, perform the following: