Amazon Virtual Private Cloud Endpoint Policies for Amazon SWF
You can create an Amazon VPC endpoint policy for Amazon SWF in which you specify the following:
- The principal that can perform actions.
- The actions that can be performed.
- The resources on which the actions can be performed.
The following example shows an Amazon VPC endpoint policy that allows all Amazon SWF operations on a single domain for a specific IAM role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "swf:*",
      "Resource": "arn:aws:swf:*:123456789012:/domain/myDomain",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/MyRole"
      }
    }
  ]
}
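The following check is an added example, not part of the original page or of any AWS tooling. It audits an endpoint policy document for Allow statements that are broader than the example above: a wildcard principal, a resource that is not a single Amazon SWF domain ARN, or an action outside the `swf:` namespace. The function name, finding labels, and the `BROAD_POLICY` sample are assumptions made for illustration.

```python
import json
import re

# Domain ARN shape taken from the page's example policy:
# arn:aws:swf:<region or *>:<12-digit account>:/domain/<name without wildcards>
DOMAIN_ARN = re.compile(r"^arn:aws:swf:[^:]*:\d{12}:/domain/[^*?]+$")

# The policy shown on the page.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "swf:*",
  "Resource": "arn:aws:swf:*:123456789012:/domain/myDomain",
  "Principal": {"AWS": "arn:aws:iam::123456789012:role/MyRole"}}]}"""

# Constructed sample: a full-access policy with every element wildcarded.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "*", "Resource": "*", "Principal": "*"}]}"""


def as_list(value):
    """IAM policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_endpoint_policy(policy_json):
    """Return (statement index, finding) pairs for Allow statements broader than the page's example."""
    findings = []
    for i, st in enumerate(as_list(json.loads(policy_json).get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        # Flagged for review even when a Condition narrows it further.
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", []))):
            findings.append((i, "principal-wildcard"))
        for res in as_list(st.get("Resource", [])):
            if not DOMAIN_ARN.match(res):
                findings.append((i, "resource-not-single-domain:" + res))
        for act in as_list(st.get("Action", [])):
            if not act.startswith("swf:"):
                findings.append((i, "action-not-swf:" + act))
    return findings


if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_endpoint_policy(doc))
```
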
- For more information about creating endpoint policies, see Controlling Access to Services with VPC Endpoints.
- For information about how you can use IAM to control access to your AWS and Amazon SWF resources, see Identity and Access Management in Amazon Simple Workflow Service.