

# Require organization membership to access VPC resources
<a name="require-organization-membership"></a>

This [VPC endpoint policy](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html) allows only AWS Identity and Access Management (IAM) principals and resources from the `o-1abcde123` organization to access Amazon Personalize (Amazon S3) endpoints. This preventative control helps establish a zone of trust and define the personal data perimeter. For more information about how this policy can help protect privacy and personal data in your organization, see [AWS PrivateLink](personal-data-account.md#privatelink) in this guide.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOnlyIntendedResourcesAndPrincipals",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalOrgID": "o-1abcde123",
                    "aws:ResourceOrgID": "o-1abcde123"
                }
            }
        }
    ]
}
```
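
The following added example (not part of the AWS guide) shows one way to audit an endpoint policy document for this control: it flags any `Allow` statement with a wildcard principal that is not pinned to the expected organization on both `aws:PrincipalOrgID` and `aws:ResourceOrgID`. The function names and the weakened sample policy are assumptions made for illustration, and as a simplification only the `StringEquals` operator is treated as satisfying the check.

```python
import json

REQUIRED_KEYS = ("aws:principalorgid", "aws:resourceorgid")  # compared lower-cased

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_endpoint_policy(policy_json, org_id):
    """Return findings for Allow statements open to any principal that are
    not pinned to org_id on both organization condition keys."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        # Condition key names are case-insensitive, so normalise before lookup.
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        equals = {k.lower(): _as_list(v) for k, v in string_equals.items()}
        for key in REQUIRED_KEYS:
            values = equals.get(key)
            if values is None:
                findings.append(f"{sid}: missing StringEquals on {key}")
            elif set(values) != {org_id}:
                findings.append(f"{sid}: {key} allows {sorted(values)}, expected only {org_id}")
    return findings

# The page's policy, plus a constructed variant with aws:ResourceOrgID removed.
_PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowOnlyIntendedResourcesAndPrincipals",
        "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:PrincipalOrgID": "o-1abcde123",
            "aws:ResourceOrgID": "o-1abcde123"}},
    }],
}
GOOD = json.dumps(_PAGE_POLICY)
_weak = json.loads(GOOD)
del _weak["Statement"][0]["Condition"]["StringEquals"]["aws:ResourceOrgID"]
WEAK = json.dumps(_weak)

if __name__ == "__main__":
    print(audit_endpoint_policy(GOOD, "o-1abcde123"), audit_endpoint_policy(WEAK, "o-1abcde123"))
```

The constructed variant fails the audit because, without `aws:ResourceOrgID`, principals in the organization could still reach S3 resources owned outside it through the endpoint.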