Identify any fully accessible VPC endpoints and update their access policies to stop unsigned requests to the supported services and resources.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When the Principal element is set to "*" in the access policy, the VPC endpoint allows full access to any IAM user or service within the VPC, using credentials from any AWS account. Allowing access in this manner is considered bad practice and can lead to security issues.
To determine if your AWS VPC endpoints allow full access, perform the following:
To restrict access to your Amazon VPC endpoints, perform the following: