VPCE和AWS托管的资源

若要允许通过 VPCE 访问 AWS 托管的资源，可以为该终端节点添加以下策略（其中的 `<region>` 为占位符，需替换为实际使用的区域）:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowRequestsByAWSServicePrincipals",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "aws:PrincipalIsAWSService": "true"
                }
            }
        },
        {
            "Sid": "AllowRequestsToAWSOwnedResources",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:GetObject"
            ],
            
            "Resource": [
                "arn:aws:s3:::packages.<region>.amazonaws.com/*",
                "arn:aws:s3:::repo.<region>.amazonaws.com/*",
                "arn:aws:s3:::amazonlinux.<region>.amazonaws.com/*",
                "arn:aws:s3:::amazonlinux-2-repos-<region>/*",
                "arn:aws:s3:::al2023-<region>/*",
                "arn:aws:s3:::repo.<region>.emr.amazonaws.com/*",
                "arn:aws:s3:::prod.<region>.appinfo.src/*",
                "arn:aws:s3:::aws-ssm-<region>/*",
                "arn:aws:s3:::aws-windows-downloads-<region>/*",
                "arn:aws:s3:::amazon-ssm-<region>/*",
                "arn:aws:s3:::amazon-ssm-packages-<region>/*",
                "arn:aws:s3:::<region>-birdwatcher-prod/*",
                "arn:aws:s3:::aws-ssm-distributor-file-<region>/*",
                "arn:aws:s3:::aws-ssm-document-attachments-<region>/*",
                "arn:aws:s3:::patch-baseline-snapshot-<region>/*",
                "arn:aws:s3:::aws-patchmanager-macos-<region>/*",
                "arn:aws:s3:::amazoncloudwatch-agent-<region>/*",
                "arn:aws:s3:::amazoncloudwatch-agent/*",
                "arn:aws:s3:::aws-codedeploy-<region>/*",
                "arn:aws:s3:::ec2imagebuilder-toe-<region>-prod/*",
                "arn:aws:s3:::ec2imagebuilder-managed-resources-<region>-prod/components/*",
                "arn:aws:s3:::prod-<region>-starport-layer-bucket/*",
                "arn:aws:s3:::aws-mgn-clients-<region>/*",
                "arn:aws:s3:::aws-mgn-clients-hashes-<region>/*",
                "arn:aws:s3:::aws-mgn-internal-<region>/*",
                "arn:aws:s3:::aws-mgn-internal-hashes-<region>/*",
                "arn:aws:s3:::aws-application-migration-service-<region>/*",
                "arn:aws:s3:::aws-application-migration-service-hashes-<region>/*",
                "arn:aws:s3:::aws-drs-clients-<region>/*",
                "arn:aws:s3:::aws-drs-clients-hashes-<region>/*",
                "arn:aws:s3:::aws-drs-internal-<region>/*",
                "arn:aws:s3:::aws-drs-internal-hashes-<region>/*",
                "arn:aws:s3:::aws-elastic-disaster-recovery-<region>/*",
                "arn:aws:s3:::aws-elastic-disaster-recovery-hashes-<region>/*"
            ]
        }
    ]
}
