Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Restrict access to s3 bucket

0

Our company has an application running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company’s security policies restrict any internet-bound traffic from the applications. Which action will fulfill these requirements and maintain security?

Temas
AlmacenamientoRedes y entrega de contenido
Etiquetas
Amazon Simple Storage ServiceAmazon VPC
Idioma
English
aws-repost986547
preguntada hace 2 años427 visualizaciones
2 Respuestas
0
Respuesta aceptada

If you want to avoid internet traffic, then leverage a VPC Endpoint for S3 from within the VPC where the EC2 instance will reside that need access to the data.

Then leverage a policy on the EndPoint to restrict access to just that VPC, additionally then add a bucket policy onto the S3 bucket that only allows access to the VPC Endpoint.

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html

profile pictureAWS
EXPERTO
Rob_H
respondido hace 2 años
0

You should create a Gateway Endpoint for S3. Relevant steps can be found here

profile picture
Syd
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante