AWS SSM with on-prem servers using VPC endpoints for S3 patch payloads


I cannot get my on-prem Linux VMs to patch using VPC endpoints. How can I configure them to use the S3 VPC gateway/endpoint in our VPC? The documentation is severely lacking in this configuration mode.

I have Mds and SSM configured in the amazon-ssm-agent.json using VPC endpoints (also not documented by Amazon), but how do I configure the VM to use our VPC to access S3 to download patch payloads? They still attempt to connect to public S3 buckets to get patches, but we do not allow these servers to be on the open internet. We use Direct Connect for a site-to-site from our colo to VPCs.

No matter what I try, the VM will keep attempting to use public S3 and fails. Patch error output:

10/19/2022 10:01:13 root [INFO]: Downloading payload from https://s3.dualstack.us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.96.tar.gz

10/19/2022 10:03:23 root [ERROR]: Error code returned from curl is 7
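As an added diagnostic (not from the question, the answer, or the linked AWS blog), the Python check below reads the two log lines above, resolves the S3 download host, and reports whether it lands inside the VPC CIDR (assumed placeholder 10.0.0.0/16) or on public S3, and decodes the curl exit code:

```python
import ipaddress
import re
import socket
from urllib.parse import urlparse

# Assumption (placeholder): the VPC holding the S3 interface endpoint that the
# on-prem host should reach over Direct Connect. Replace with the real VPC CIDR.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# curl exit codes the SSM patch log surfaces, per curl's documented exit codes.
CURL_EXIT_CODES = {6: "could not resolve host", 7: "failed to connect to host",
                   28: "operation timed out", 35: "TLS handshake failed"}

PAYLOAD_RE = re.compile(r"Downloading payload from (https?://\S+)")
CURL_RE = re.compile(r"Error code returned from curl is (\d+)")


def parse_patch_log(lines):
    """Pull the payload URL and curl exit code out of SSM agent patch log lines."""
    url = code = None
    for line in lines:
        if (m := PAYLOAD_RE.search(line)):
            url = m.group(1)
        if (m := CURL_RE.search(line)):
            code = int(m.group(1))
    return url, code


def diagnose(lines, resolver=socket.gethostbyname, vpc_cidr=VPC_CIDR):
    """Say whether the download host resolves to a private (VPC) IP or to public S3."""
    url, code = parse_patch_log(lines)
    if url is None:
        return {"finding": "no payload download line found"}
    host = urlparse(url).hostname
    try:
        addr = ipaddress.ip_address(resolver(host))  # IPv4 lookup, as curl would do first
    except (OSError, ValueError) as exc:
        return {"host": host, "finding": f"DNS lookup failed: {exc}"}
    private = addr in vpc_cidr
    finding = ("host resolves inside the VPC CIDR; check endpoint security group and route"
               if private else "host resolves to public S3; with no internet egress the S3 "
               "hostname must resolve to the interface endpoint's private IP")
    return {"host": host, "resolved": str(addr), "private_path": private,
            "curl": CURL_EXIT_CODES.get(code, f"curl exit code {code}"), "finding": finding}


if __name__ == "__main__":
    # Constructed sample: the two log lines quoted in the question.
    SAMPLE = ["10/19/2022 10:01:13 root [INFO]: Downloading payload from https://s3.dualstack"
              ".us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/"
              "payloads/patch-baseline-operations-1.96.tar.gz",
              "10/19/2022 10:03:23 root [ERROR]: Error code returned from curl is 7"]
    print(diagnose(SAMPLE))
```

Run it on the failing VM itself, since the point is what that host's resolver returns, not what a workstation sees.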

1 answer

Have you taken a look at this blog post that explains how to privately access S3 from on-prem servers - https://aws.amazon.com/blogs/networking-and-content-delivery/secure-hybrid-access-to-amazon-s3-using-aws-privatelink/

AWS
EXPERT
answered 2 years ago
