AWS IAM launches aws:SourceVpcArn condition key for region-based access control

Published
November 19, 2025
https://aws.amazon.com/about-aws/whats-new/2025/11/aws-sourcevpcarn-condition-key-region-control/

AWS IAM Global Condition Key Update

AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, enabling customers to enforce region-based access controls for resources accessed through AWS PrivateLink. This condition key returns the ARN of the VPC where the VPC endpoint is attached, allowing customers to verify whether requests travel through a specific VPC and implement controls on private access to their resources in same-region or cross-region scenarios.

Customers can use aws:SourceVpcArn in policies to ensure resources are only accessible from VPC endpoints in specific regions, helping enforce data residency requirements. For example, you can attach a policy to an Amazon S3 bucket that restricts access to requests made through VPC endpoints in designated regions only.

What to do

  • Update IAM policies to include the aws:SourceVpcArn condition key for resources accessed through AWS PrivateLink.
  • Verify that your policies correctly enforce region-based access controls.
  • Refer to the IAM User Guide for more information.
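
The S3 scenario above, as an added example (not code from the AWS announcement): it builds a bucket policy that denies access unless `aws:SourceVpcArn` matches a VPC in one approved region, then checks it against constructed request contexts. The bucket name, region, account ID and VPC IDs are placeholders. The matcher is a simplified local model of `ArnLike`, not IAM's own evaluator, and it assumes the key is absent when a request does not arrive through a VPC endpoint.

```python
import fnmatch
import json

# Constructed placeholders, not values from the announcement.
BUCKET = "example-bucket"
APPROVED_REGION = "us-east-1"

def build_policy(bucket, region):
    """Deny S3 access unless the request's VPC endpoint sits in a VPC in `region`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegionVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"ArnNotLike": {
                "aws:SourceVpcArn": f"arn:aws:ec2:{region}:*:vpc/*"}},
        }],
    }

def arn_like(pattern, arn):
    """Simplified ArnLike: match each of the six colon-separated ARN fields."""
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(
        fnmatch.fnmatchcase(field, pat) for field, pat in zip(a, p))

def is_denied(policy, context):
    """True if the Deny statement applies to this request context."""
    pattern = policy["Statement"][0]["Condition"]["ArnNotLike"]["aws:SourceVpcArn"]
    value = context.get("aws:SourceVpcArn")
    # A negated operator is satisfied when the key is missing, so a request
    # with no VPC endpoint in its path is denied as well.
    return value is None or not arn_like(pattern, value)

# Constructed request contexts for the check.
SAMPLES = {
    "same_region": {"aws:SourceVpcArn": "arn:aws:ec2:us-east-1:111122223333:vpc/vpc-0abc1234"},
    "other_region": {"aws:SourceVpcArn": "arn:aws:ec2:eu-west-1:111122223333:vpc/vpc-0def5678"},
    "no_vpc_endpoint": {},
}

if __name__ == "__main__":
    policy = build_policy(BUCKET, APPROVED_REGION)
    print(json.dumps(policy, indent=2))
    for name, ctx in SAMPLES.items():
        print(name, "->", "DENY" if is_denied(policy, ctx) else "not denied")
```

Because the Deny also matches requests that carry no `aws:SourceVpcArn`, this policy blocks access to the bucket from any path that does not go through a VPC endpoint.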

Source: AWS release notes



