- Le plus récent
- Le plus de votes
- La plupart des commentaires
Instead of a Gateway Endpoint you can use a PrivateLink endpoint which is accessibly from outside the VPC in which it is created (via Transit Gateway in this case but that's not the only network access path).
However, at this time you can't use S3 PrivateLink endpoints as a target for a web browser - it only accepts S3 API calls - so a little unhelpful in this case. You could create a proxy server in a VPC that does the work for you but that's extra cost plus an instance to maintain (actually, good practice dictates that you should have a load balancers and at least two instances for redundancy) - so not really an option either.
Therefore: given that there is no cost for creating Gateway Endpoints why not create one in each VPC? Then modify the bucket policy to only allow access via the endpoint.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 3 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 4 mois
- Pourquoi le plug-in CNI de mon VPC ne parvient-il pas à atteindre le serveur d'API dans Amazon EKS ?AWS OFFICIELA mis à jour il y a 2 ans