Implementing access controls

You can use service control policies (SCPs), VPC endpoint policies, resource control policy (RCPs), and identity-based policies for AWS Management Console Private Access to limit the set of accounts (trusted identities) that are allowed to use the AWS Management Console (trusted resources) from within your VPC and its connected on-premises networks (expected networks).