{
"Sid": "Access-to-specific-VPCE-only",
"Effect": "Deny",
"Principal": "*",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObjectVersion",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::<BUCKET>",
"arn:aws:s3:::<BUCKET>/*"
],
"Condition": {
"StringNotEquals": {
"aws:sourceVpce": "<VPCE>"
}
}
}