Posted On: Jan 20, 2025
Today, we announced Virtual Private Cloud (VPC) Block Public Access (BPA), a new centralized declarative control that enables network and security administrators to authoritatively block Internet traffic for their VPCs. VPC BPA supersedes any other setting and ensures your VPC resources are protected from unfettered Internet access in compliance with your organizations security and governance policy.
Amazon VPC allows customers to define and launch resources in a logically isolated virtual network. Often times customers have thousands of accounts and VPCs that are owned by multiple business units or application developer teams. Central network and security administrators have the critical responsibility to ensure that resources in their VPCs are accessible to the public Internet in a highly controlled fashion. VPC Block Public Access offers a single declarative control that allows admins to easily block Internet access to VPCs via the Internet Gateway or the Egress-only Internet Gateway and ensures that there is no unintended public exposure to their Amazon Web Services resources regardless of their routing and security configuration. Admins can apply BPA across all or select VPCs in their account, block bi-directional or ingress-only Internet connectivity and exclude select subnets for resources that need Internet access. VPC BPA is integrated with Network Access Analyzer and VPC Flow Logs to support impact analysis, provide advanced visibility and help customers meet audit and compliance requirements.
VPC Block Public Access is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet and the Amazon Web Services China (Ningxia) Region, operated by NWCD. There is no additional charge for using this feature. For additional information, visit the Amazon VPC documentation.