Secure proxy

What is claimed is: 1. A computer-implemented method for providing secure communication with computing resources, comprising: receiving, by one or more computer systems configured with executable instructions, at a secure proxy of a trusted environment, a request from an application to access a computing resource service in an untrusted environment provided by a computing resource service provider, the secure proxy of the trusted environment including a secure endpoint resolver, the request specifying at least an endpoint associated with the computing resource service, the endpoint indicating a location of the computer resource service within a network of the untrusted environment; determining, by the secure endpoint resolver of the secure proxy, a set of network addresses currently associated with the endpoint based at least in part on a set of policies, the network addresses of the set being distinct from the endpoint; providing a network address from the set of network addresses to the application; allowing network traffic between the application and at least a subset of the set of network addresses currently associated with the endpoint at least by updating one or more of the set of policies, the subset including at least the network address provided to the application; establishing a secure connection between the application and the computing resource service located at the network address; and after establishing the secure connection, enforcing at least some of the set of policies on network traffic from the application to the computing resource service located at the network address. 2. The computer-implemented method of claim 1 , wherein determining the set of network addresses currently associated with the endpoint comprises: sending one or more query requests to one or more domain name system servers after validating the query requests based at least in part on the set of policies; receiving one or more responses from the one or more domain name system servers; and validating at least one of the one or more responses using a cryptographic key to ensure the authenticity of the responses. 3. The computer-implemented method of claim 1 , wherein determining the set of network addresses currently associated with the endpoint comprises: sending a request to a second computing resource service provided by the computing resource service provider after validating the request based at least in part on the set of policies, the request specifying the endpoint associated with the computing resource service; and receiving a response from the second computing resource service, the response including the set of network addresses currently associated with the endpoint. 4. The computer-implemented method of claim 1 , wherein allowing network traffic between the application and at least a subset of the set of network addresses currently associated with the endpoint comprises updating an access control list. 5. The computer-implemented method of claim 1 , wherein each one of the set of policies is associated with one or more actions and wherein enforcing at least some of the set of policies on subsequent network traffic from the application to the computing resource service comprises: monitoring the network traffic from the application to the computing resource service to determine whether a policy of the set of policies is triggered; and as a result of determining that a policy of the set of policies is triggered, taking the one or more actions associated with the policy. 6. The computer-implemented method of claim 1 , wherein the set of policies includes at least some application-level policies that are operable to ensure data security. 7. The computer-implemented method of claim 1 , further comprising receiving an update from the computing resource service provider, the update associated with the set of policies and operable to facilitate resolution of the set of network addresses associated with the endpoint. 8. The computer-implemented method of claim 1 , wherein the network addresses of the set addresses are representative of individual computing resource services provided by the computing resource service provider. 9. A computer-implemented method, comprising: under the control of one or more computer systems configured with executable instructions, determining, by an endpoint resolver of a secure proxy of a trusted environment, based at least in part on a set of policies, network address information currently associated with a computing resource service in response to a request by an application to access the computing resource service, the request including at least an endpoint associated with the computing resource service that is distinct from the network address information, the network address information including at least one network address associated with the computing resource service; providing, to the application requesting access to the computing resource, the at least one network address from the determined network address information currently associated with the computing resource; updating the set of policies based at least in part on the network address information to allow network traffic between the application and the provided at least one network address; establishing a connection between the application and the at least one network address, such that the application is able to communicate with the computing resource over the connection; and validating network traffic over the established connection associated with the application based at least in part on the set of policies. 10. The computer-implemented method of claim 9 , wherein the application is located in a first data environment and the computing resource service is located in a second data environment less restrictive than the first data environment. 11. The computer-implemented method of claim 9 , wherein the set of policies include at least one or more application-level policies that are applicable to application-level network traffic. 12. The computer-implemented method of claim 9 , wherein the computing resource service is provided by a service provider and wherein at least some of the set of policies provided by the service provider. 13. The computer-implemented method of claim 9 , wherein each of the set of policies is associated with one or more corresponding criteria and one or more corresponding actions and wherein validating network traffic associated with the application based at least in part on the set of policies comprises: inspecting the network traffic to determine applicable of a policy based at least in part on whether one or more criteria associated with the policy are met; and if a policy is determined applicable, taking one or more actions associated with the policy, the one or more actions including at least one of allowing, block, modifying the network traffic, or providing a human-readable message. 14. The computer-implemented method of claim 9 , wherein the service endpoint comprises a Uniform Resource Identifier (URI). 15. One or more non-transitory computer-readable storage media having stored thereon executable instructions that, when executed by one or more processors of a computer system, enable the computer system to at least: receive a request, from an application to access a service including at least an endpoint associated with the service; resolve, at an endpoint resolver of a secure proxy of a trusted environment, network address information by querying one or more services based at least in part on a set of policies, the network address information being distinct from the endpoint in