But how will the hacker not go via the VPC endpoint to S3? The hacker already has the credentials to access S3 from the EC2. This means they will be able to access S3 but will not be able to run the Sync command, as with VPC endpoints the data will not leave the private network?
@BishmeetSingh-r1h The IAM condition will deny the action if it is not originating from the VPC endpoint (from the hacker's machine).
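The condition described in the reply above, as an added example that is not part of the original thread: a policy whose Deny statement uses the `aws:SourceVpce` condition key, with a simplified evaluator run over constructed requests. The bucket name, endpoint IDs and the evaluator itself are assumptions for illustration, not AWS's actual evaluation engine.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-bucket"   # placeholder (assumption)
VPCE_ID = "vpce-EXAMPLE"    # placeholder (assumption)
RESOURCES = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowRead", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": RESOURCES},
        {"Sid": "DenyOutsideVpce", "Effect": "Deny",
         "Action": ["s3:*"], "Resource": RESOURCES,
         "Condition": {"StringNotEquals": {"aws:SourceVpce": VPCE_ID}}},
    ],
}

def condition_matches(condition, context):
    # Simplified model: StringNotEquals only. The operator is negated, so it
    # also matches when the key is absent, as for a request that did not
    # pass through any VPC endpoint.
    for key, expected in condition.get("StringNotEquals", {}).items():
        if context.get(key) == expected:
            return False
    return True

def evaluate(policy, action, context):
    # Simplified evaluation: resources are ignored; an explicit Deny wins.
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, pat) for pat in stmt["Action"]):
            continue
        if not condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"

# Constructed request contexts, all using the same credentials.
REQUESTS = {
    "from EC2 via the endpoint": {"aws:SourceVpce": VPCE_ID},
    "from outside, no endpoint": {},
    "via a different endpoint": {"aws:SourceVpce": "vpce-OTHER"},
}

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for label, ctx in REQUESTS.items():
        print(label, "->", evaluate(POLICY, "s3:GetObject", ctx))
```

The same credentials are allowed only when the request context carries the expected endpoint ID; a request with no endpoint in its context matches the Deny statement.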