You can now set endpoint policies on AWS interface endpoints. Amazon VPC endpoint policy is an AWS Identity and Access Management (AWS IAM) resource policy that you can attach to an endpoint when you create or modify the endpoint. If you do not attach a policy when you create an endpoint, a default policy gets attached for you to allow full access to the service. The Amazon VPC endpoint policy defines which principal can perform which actions on which resources. An endpoint policy does not override or replace IAM user policies or service-specific policies. It is a separate policy for controlling access from the endpoint to the specified service.

from Recent Announcements