
PrivateLink:Endpoint policies

Last Updated: Mar 08, 2024

PrivateLink allows you to configure endpoint policies. You can attach these policies to the endpoints deployed in virtual private clouds (VPCs) so that specific Alibaba Cloud entities can use the endpoints to access Alibaba Cloud services. This enhances network security, protects sensitive data, and meets specific security requirements.

Endpoint policy types

Endpoint policies do not override identity-based policies or resource-based policies. For example, if you are using an interface endpoint to connect to Object Storage Service (OSS), you can also use bucket policies to allow the interface endpoint or the VPC where the interface endpoint is deployed to access buckets. Endpoint policies are categorized into the following two types:

  • Default policy

    By default, an endpoint allows full access. The default policy content is as follows.

    {
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "*",
                "Resource": "*"
            }
        ]
    }
  • Custom policy

    You can configure custom policies based on your business requirements. For more information, see Policy elements.
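The default policy above is a wildcard on Principal, Action and Resource at once. The following added check (not part of this page or of the PrivateLink product) parses an endpoint policy document and reports every wildcard element in an Allow statement, so a reviewer can tell a full-access policy from a custom one; the account ID, user, bucket and the Principal and Resource formats in the custom sample are assumed placeholders.

```python
import json

# Default endpoint policy exactly as shown on this page: full access.
DEFAULT_POLICY = json.dumps({
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ]
})

# Constructed custom policy. Account ID, user, bucket and the Principal and
# Resource formats are assumed placeholders, not values from this page.
CUSTOM_POLICY = json.dumps({
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"RAM": ["acs:ram::<ACCOUNT_ID>:user/<USER>"]},
            "Action": ["oss:GetObject", "oss:ListObjects"],
            "Resource": ["acs:oss:*:*:<BUCKET>", "acs:oss:*:*:<BUCKET>/*"],
        }
    ]
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard(value):
    """True when a Principal/Action/Resource element is the bare wildcard "*"."""
    if isinstance(value, dict):  # e.g. {"RAM": [...]}: flatten the ARN lists
        value = [v for vals in value.values() for v in _as_list(vals)]
    return any(v == "*" for v in _as_list(value))


def find_wildcard_grants(policy_json):
    """Return (statement_index, element) for every wildcard in an Allow statement."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for element in ("Principal", "Action", "Resource"):
            if _is_wildcard(stmt.get(element, [])):
                findings.append((i, element))
    return findings


def is_full_access(policy_json):
    """True when one Allow statement is wildcard on all three elements (the default policy)."""
    found = set(find_wildcard_grants(policy_json))
    count = len(json.loads(policy_json).get("Statement", []))
    return any({(i, e) for e in ("Principal", "Action", "Resource")} <= found
               for i in range(count))
```

A policy that is not full access can still be over-broad (a wildcard Action with a narrow Resource, for example), which is why the per-element findings are returned rather than only the boolean.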

Usage notes

  • An endpoint policy is a JSON document written in the same policy language as Resource Access Management (RAM) policies. You must write endpoint policies according to that policy structure and syntax. For more information, see Policy structure and syntax.

  • You can attach a policy to an interface endpoint when you create the interface endpoint to access an Alibaba Cloud service. You can modify the endpoint policy at any time. If you do not attach a policy to the interface endpoint, the system attaches the default policy that allows full access to the interface endpoint.

  • Not all Alibaba Cloud services support endpoint policies. If an Alibaba Cloud service does not support endpoint policies, endpoints that access the service allow full access. Alibaba Cloud ActionTrail supports endpoint policies.

  • If you create endpoints to access other endpoint services instead of Alibaba Cloud services, the endpoints support full access. For more information about the differences between other endpoint services and Alibaba Cloud services, see the What are Alibaba Cloud services and other endpoint services? section of the Create and manage endpoints topic.

Related operations

Create an endpoint policy

View an endpoint policy

Modify an endpoint policy