Overview of AWS Management Console Private Access security controls - AWS Management Console

Account restrictions on the AWS Management Console from your network

AWS Management Console Private Access is useful when you want to limit access to the AWS Management Console from your network to a specified set of known AWS accounts in your organization. By doing so, you can prevent users from signing in to unexpected AWS accounts from within your network. You can implement these controls using the AWS Management Console VPC endpoint policy. For more information, see Implementing service control policies and VPC endpoint policies.
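The following added example, which is not part of the original AWS documentation, audits a VPC endpoint policy document to confirm that every Allow statement is pinned to an approved set of accounts. It assumes the restriction is expressed as a `StringEquals` condition on `aws:PrincipalAccount`; the function name, the sample policies, and the account IDs are constructed placeholders.

```python
import json

# Constructed sample policies; the account IDs are placeholders.
OPEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]
}""")

RESTRICTED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*",
    "Condition": {"StringEquals": {"aws:PrincipalAccount": ["111122223333", "222233334444"]}}
  }]
}""")


def _as_list(value):
    # Policy JSON allows a single value where a list is also accepted.
    return value if isinstance(value, list) else [value]


def audit_endpoint_policy(policy, approved_accounts):
    """Return findings; an empty list means every Allow is limited to approved accounts."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive, so compare in lower case.
        accounts = [a for key, val in equals.items()
                    if key.lower() == "aws:principalaccount" for a in _as_list(val)]
        if not accounts:
            findings.append(f"statement {i}: Allow without aws:PrincipalAccount restriction")
            continue
        for extra in sorted(set(accounts) - set(approved_accounts)):
            findings.append(f"statement {i}: unapproved account {extra}")
    return findings


if __name__ == "__main__":
    approved = {"111122223333", "222233334444"}
    print(audit_endpoint_policy(OPEN_POLICY, approved))
    print(audit_endpoint_policy(RESTRICTED_POLICY, approved))
```

A policy that restricts access by another condition key, such as `aws:PrincipalOrgID`, is reported as unrestricted by this check and needs its own rule.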

Connectivity from your network to the internet

Internet connectivity from your network is still required to access assets used by the AWS Management Console, such as static content (JavaScript, CSS, images), and all AWS services not enabled by AWS PrivateLink. For a list of the top-level domains used by the AWS Management Console, see Troubleshooting.

Note

Currently, AWS Management Console Private Access doesn't support endpoints such as status.aws.amazon.com, health.aws.amazon.com, and docs.aws.amazon.com. You will need to route these domains to the public internet.