AWS Management Console Private Access

AWS Management Console Private Access is an advanced security feature to control access to the AWS Management Console. AWS Management Console Private Access is useful when you want to prevent users from signing in to unexpected AWS accounts from within your network. With this feature, you can limit access to the AWS Management Console only to a specified set of known AWS accounts when the traffic originates from within your network.

Topics

• Supported AWS Regions, service consoles, and features
• Overview of AWS Management Console Private Access security controls
• Required VPC endpoints and DNS configuration
• Implementing service control policies and VPC endpoint policies
• Implementing identity-based policies and other policy types
• Try AWS Management Console Private Access
• Reference architecture

Supported AWS Regions, service consoles, and features

AWS Management Console Private Access supports only a subset of Regions and AWS services. Unsupported service consoles will be inactive in the AWS Management Console. In addition, certain AWS Management Console features might be disabled when using AWS Management Console Private Access, for example, the Default Region selection in Unified Settings.

The following Regions and service consoles are supported.

Supported Regions

• US East (Ohio)

• US East (N. Virginia)

• US West (N. California)

• US West (Oregon)

• Asia Pacific (Hyderabad)

• Asia Pacific (Mumbai)

• Asia Pacific (Seoul)

• Asia Pacific (Osaka)

• Asia Pacific (Singapore)

• Asia Pacific (Sydney)

• Asia Pacific (Tokyo)

• Canada (Central)

• Europe (Frankfurt)

• Europe (Ireland)

• Europe (London)

• Europe (Paris)

• Europe (Stockholm)

• South America (São Paulo)

• Africa (Cape Town)

• Asia Pacific (Hong Kong)

• Asia Pacific (Jakarta)

• Asia Pacific (Melbourne)

• Canada West (Calgary)

• Europe (Milan)

• Europe (Spain)

• Europe (Zurich)

• Middle East (Bahrain)

• Middle East (UAE)

• Israel (Tel Aviv)

Supported service consoles

• Amazon API Gateway

• AWS App Mesh

• AWS Application Migration Service

• Amazon Athena

• AWS Auto Scaling

• AWS Billing Conductor

• AWS Certificate Manager

• AWS Cloud Map

• Amazon CloudFront

• Amazon CloudWatch

• AWS CodeArtifact

• Amazon CodeGuru

• Amazon Comprehend

• Amazon Comprehend Medical

• AWS Compute Optimizer

• AWS Console Home

• AWS Database Migration Service

• AWS DeepRacer

• Amazon DocumentDB

• Amazon DynamoDB

• Amazon EC2

• Amazon EC2 Global View

• EC2 Image Builder

• Amazon EC2 Instance Connect

• Amazon Elastic Container Registry

• Amazon Elastic Container Service

• AWS Elastic Disaster Recovery

• Amazon Elastic File System

• Amazon Elastic Kubernetes Service

• Amazon ElastiCache

• Amazon EMR

• Amazon EventBridge

• Amazon GameLift

• AWS Global Accelerator

• AWS Glue DataBrew

• AWS Ground Station

• Amazon GuardDuty

• AWS Identity and Access Management

• AWS Identity and Access Management Access Analyzer

• Amazon Inspector

• Amazon Kendra

• AWS Key Management Service

• Amazon Kinesis

• Amazon Managed Service for Apache Flink

• Amazon Data Firehose

• Amazon Kinesis Video Streams

• AWS Lambda

• Amazon Lex

• AWS License Manager

• Amazon Managed Grafana

• Amazon Managed Streaming for Apache Kafka

• Amazon Managed Workflows for Apache Airflow (MWAA)

• AWS Migration Hub Strategy Recommendations

• Amazon MQ

• Network Access Analyzer

• AWS Network Manager

• Amazon OpenSearch Service

• AWS Organizations

• Amazon S3 on Outposts

• Amazon SageMaker Runtime

• Amazon SageMaker Synthetic Data

• Service Quotas

• AWS Signer

• Amazon Simple Email Service

• Amazon Simple Queue Service

• Amazon Simple Storage Service (Amazon S3)

• AWS SQL Workbench

• AWS Step Functions

• AWS Support

• AWS Systems Manager

• AWS Transfer Family

• Unified Settings

• Amazon VPC IP Address Manager