AuthPolicy
Learn how to create, update, and manage AWS VpcLattice AuthPolicies using Alchemy Cloud Control.
The AuthPolicy resource lets you manage AWS VpcLattice AuthPolicies, which control access to your VPC resources based on the rules you define.
Minimal Example
Create a basic AuthPolicy with required properties and a common optional property.

import AWS from "alchemy/aws/control";

const basicAuthPolicy = await AWS.VpcLattice.AuthPolicy("basicAuthPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "vpclattice:Access",
        Resource: "*",
        Condition: {
          StringEquals: {
            "vpclattice:SourceVpc": "vpc-12345678"
          }
        }
      }
    ]
  },
  ResourceIdentifier: "myVpcResource",
  adopt: true // Optional: adopt existing resource
});
Advanced Configuration
Configure an AuthPolicy with more complex rules and multiple conditions for enhanced security.

const advancedAuthPolicy = await AWS.VpcLattice.AuthPolicy("advancedAuthPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "vpclattice:Access",
          "vpclattice:Invoke"
        ],
        Resource: "*",
        Condition: {
          StringEquals: {
            "vpclattice:SourceVpc": "vpc-12345678",
            "vpclattice:User": "user1234"
          },
          NumericLessThan: {
            "vpclattice:RequestCount": 100
          }
        }
      }
    ]
  },
  ResourceIdentifier: "myAdvancedVpcResource"
});
Custom Policies for Specific Use Cases
Create an AuthPolicy that limits access based on specific IP ranges and request methods.

const ipRestrictedAuthPolicy = await AWS.VpcLattice.AuthPolicy("ipRestrictedAuthPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Deny",
        Action: "vpclattice:Access",
        Resource: "*",
        Condition: {
          NotIpAddress: {
            "vpclattice:SourceIp": "192.168.1.0/24"
          }
        }
      },
      {
        Effect: "Allow",
        Action: "vpclattice:Access",
        Resource: "*",
        Condition: {
          StringEquals: {
            "vpclattice:RequestMethod": "GET"
          }
        }
      }
    ]
  },
  ResourceIdentifier: "myIpRestrictedVpcResource"
});
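How the Deny and Allow statements of ipRestrictedAuthPolicy combine, as an added example that is not part of the original page or of Alchemy's code. It is a simplified model of IAM-style evaluation, and the types, helper names (`inCidr`, `conditionHolds`, `evaluate`) and sample requests are assumptions made for illustration.

```typescript
// Simplified model of IAM-style policy evaluation (an assumption of this example):
// explicit Deny wins, otherwise Allow, otherwise implicit deny. Only the two
// condition operators used in the policy above are modelled.
type Ctx = Record<string, string | undefined>;
type Condition = Record<string, Record<string, string>>;
interface Statement { Effect: "Allow" | "Deny"; Condition?: Condition }

// Constructed copy of the ipRestrictedAuthPolicy statements from this page.
const statements: Statement[] = [
  { Effect: "Deny", Condition: { NotIpAddress: { "vpclattice:SourceIp": "192.168.1.0/24" } } },
  { Effect: "Allow", Condition: { StringEquals: { "vpclattice:RequestMethod": "GET" } } },
];

function ipToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function inCidr(ip: string, cidr: string): boolean {
  const parts = cidr.split("/");
  const size = 2 ** (32 - Number(parts[1] ?? "32")); // addresses in the block
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(parts[0] ?? "") / size);
}

function conditionHolds(cond: Condition | undefined, ctx: Ctx): boolean {
  if (!cond) return true;
  // All operators and all keys inside a statement's Condition are ANDed.
  return Object.entries(cond).every(([op, keys]) =>
    Object.entries(keys).every(([key, expected]) => {
      const actual = ctx[key];
      if (op === "StringEquals") return actual === expected;
      // A negated operator matches when the key is absent from the request.
      if (op === "NotIpAddress") return actual === undefined || !inCidr(actual, expected);
      throw new Error(`operator not modelled: ${op}`);
    })
  );
}

function evaluate(ctx: Ctx): "Allow" | "ExplicitDeny" | "ImplicitDeny" {
  const matched = statements.filter((s) => conditionHolds(s.Condition, ctx));
  if (matched.some((s) => s.Effect === "Deny")) return "ExplicitDeny";
  return matched.some((s) => s.Effect === "Allow") ? "Allow" : "ImplicitDeny";
}

// Constructed sample request: GET from inside the permitted range.
const lanGet = { "vpclattice:SourceIp": "192.168.1.25", "vpclattice:RequestMethod": "GET" };
console.log(evaluate(lanGet));
```

A request whose context carries no source-IP key at all matches the `NotIpAddress` Deny, so a condition key that is never populated turns this policy into a blanket deny.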