VPCE和第三方资源
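如果需要允许通过 VPCE(VPC 终端节点)访问第三方的资源,可以添加以下策略。第一条语句只放行所列第三方账户的身份访问这些第三方账户中的资源,第二条语句只放行本组织(aws:PrincipalOrgID)的身份访问这些第三方账户中的资源。由于 Principal 为 "*",调用方的范围完全由 Condition 中的条件键限定,因此不要删除或放宽这些条件;Action 和 Resource 的占位符应替换为实际需要的最小操作和资源范围: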
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowRequestsByThirdPartyIdentitiesToThirdPartyResources",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "<action>",
"Resource": "<third-party-resource-arn>",
"Condition": {
"StringEquals": {
"aws:PrincipalAccount": [
"<third-party-account-a>",
"<third-party-account-b>"
],
"aws:ResourceAccount": [
"<third-party-account-a>",
"<third-party-account-b>"
]
}
}
},
{
"Sid": "AllowRequestsByOrgsIdentitiesToThirdPartyResources",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "<action>",
"Resource": "<third-party-resource-arn>",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": "<my-org-id>",
"aws:ResourceAccount": [
"<third-party-account-a>",
"<third-party-account-b>"
]
}
}
}
]
}