Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

S3 bucket behind VPC needing custom SSL cert

0

Hi There

I have gotten a S3 bucket to work behind VPC Endpoint and custom url. I want to change the SSL cert the bucket is using without using cloudfront. We are planning to expose the VPC IP address via our gateway vm it is currently working just the SSL certificate is still showing up s3.amazon one. Is it possible to change the cert?

Themen
SpeicherVernetzung & Bereitstellung von Inhalten
Tags
Amazon Simple Storage ServiceAmazon VPC
Sprache
English
Markbza
gefragt vor einem Jahr250 Aufrufe
1 Antwort
0

The short answer is no. First because S3 static websites feature do not support SSL. This is a total different feature than using S3 as a regular object storage, in which you do not use HTTP protocol to GET HTML web pages or other static content, you use API calls to S3 API which are different endpoints (and they are TLS with s3.amazon certificate). So, when you deploy a VPC Endpoint (it doesn't matter Network or Gateway) you are accessing the S3 API not the feature which supports WebSite hosting which has a totally different endpoint and cannot be accessed using VPC Endpoints for this reason. So, if you want to access your website form a private IP you cannot use VPC Endpoints. If you want to expose a public website with a custom SSL certificate, the best approach is to use CloudFront (pay per use and you remove proxy management).

I hope to have helped you to clarify your question.

Best,

profile pictureAWS
JuanEn_G
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt