Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using Amazon Polly with interface VPC endpoints

If you use Amazon Virtual Private Cloud (Amazon VPC) to host your Amazon resources, you can establish a private connection between your VPC and Amazon Polly. You can use this connection to synthesize speech with Amazon Polly without traversing the public internet.

Amazon VPC is an Amazon service that you can use to launch Amazon resources in a virtual network that you define. With a VPC, you have control over your network settings, such as the IP address range, subnets, route tables, and network gateways. To connect your VPC to Amazon Polly, you define an interface VPC endpoint for Amazon Polly. This type of endpoint enables you to connect your VPC to Amazon Web Services. The endpoint provides reliable, scalable connectivity to Amazon Polly without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see What is Amazon VPC in the Amazon VPC User Guide.

Interface VPC endpoints are powered by Amazon PrivateLink, an Amazon technology that enables private communication between Amazon Web Services using an elastic network interface with private IP addresses. For more information, see New - Amazon PrivateLink for Amazon Web Services.

The following steps are for users of Amazon VPC. For more information, see Getting Started in the Amazon VPC User Guide.

Availability

VPC endpoints are supported in all the Regions where Amazon Polly is supported. For more information about Amazon Regions and Availability Zones, see Amazon Global Infrastructure.

Creating a VPC endpoint for Amazon Polly

To start using Amazon Polly with your VPC, create an interface VPC endpoint for Amazon Polly. The service to choose is com.amazonaws.Region.polly. You do not need to change any settings for Amazon Polly. For more information, see Creating an Interface Endpoint in the Amazon VPC User Guide.

Testing the connection between your VPC and Amazon Polly

After you create the endpoint, you can test the connection.

To test the connection between your VPC and your Amazon Polly endpoint

  1. Connect to an Amazon EC2 instance that resides in your VPC. For information about connecting, see Connect to your Linux instance or Connecting to your Windows instance in the Amazon EC2 documentation.

  2. From the instance, use aws polly describe-voices from the Amazon CLI to list available Amazon Polly voices.

If the response to the command includes the list of available Amazon Polly voices, the command has succeeded, and your VPC endpoint is working.

Controlling access to your Amazon Polly endpoint

A VPC endpoint policy is an IAM resource policy that you attach to an endpoint when you create or modify the endpoint. If you don't attach a policy when you create an endpoint, we attach a default policy for you that allows full access to the service. An endpoint policy doesn't override or replace IAM user policies or service-specific policies. It's a separate policy for controlling access from the endpoint to the specified service.

Endpoint policies must be written in JSON format.

For more information, see Controlling Access to Services with VPC Endpoints in the Amazon VPC User Guide.

The following is an example of an endpoint policy for Amazon Polly. This policy enables users connecting to Amazon Polly through the VPC to describe voices and synthesize speech with Amazon Polly, and prevents them from performing other Amazon Polly actions.

{
    "Statement": [
        {
            "Sid": "SynthesisAndDescribeVoicesOnly",
            "Principal": "*",
            "Action": [
                "polly:DescribeVoices",
                "polly:SynthesizeSpeech"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

To modify the VPC endpoint policy for Amazon Polly

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc.

  2. In the navigation pane, choose Endpoints.

  3. If you have not already created the endpoint for Amazon Polly, choose Create endpoint. Then select com.amazonaws.Region.polly and choose Create endpoint.

  4. Select the com.amazonaws.Region.polly endpoint, and choose the Policy tab in the lower half of the screen.

  5. Choose Edit Policy and make the changes to the policy.

Support for VPC context keys

Amazon Polly supports the aws:SourceVpc and aws:SourceVpce context keys, which can limit access to specific VPCs or specific VPC endpoints. These keys work only when the user is using VPC endpoints. For more information, see Keys Available for Some Services in the IAM User Guide.
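
As an added illustration of these context keys (not part of the original documentation), the following IAM identity policy allows the two Amazon Polly actions used in the endpoint policy example and denies every Amazon Polly action unless the request arrives through one specific VPC endpoint. The endpoint ID is a placeholder to replace with your own, and the Sid values are chosen for this example.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSynthesisAndDescribeVoices",
            "Effect": "Allow",
            "Action": [
                "polly:DescribeVoices",
                "polly:SynthesizeSpeech"
            ],
            "Resource": "*"
        },
        {
            "Sid": "DenyPollyOutsideEndpoint",
            "Effect": "Deny",
            "Action": "polly:*",
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:SourceVpce": "vpce-PLACEHOLDER"
                }
            }
        }
    ]
}
```

Because the keys are present only on requests made through a VPC endpoint, a request sent to the public Amazon Polly endpoint carries no aws:SourceVpce value, and the negated StringNotEquals condition then matches, so the Deny statement applies to it. To restrict by VPC rather than by endpoint, use aws:SourceVpc with a VPC ID in the same condition.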