S3 endpoint doesn't work

0

I have logged into my private EC2 instance from a public EC2 instance in my custom VPC.

I am not using a NAT Gateway; I am using an endpoint to create and access an S3 bucket.

I am able to run "aws configure" on my private EC2 instance, but when I try to create a bucket after a successful login it doesn't work:

aws s3 ls

aws s3 mb s3://helllloooohh

The above commands don't work.

I have configured the S3 endpoint properly and assigned the private route table, but no luck creating or looking up buckets.

Rish
asked a month ago, 142 views
23 answers
1

Hello.

Have you reviewed the considerations listed in the documentation below?
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#gateway-endpoint-considerations-s3

For example, are DNS resolution and DNS hostname enabled in the VPC?
If you do not enable this, name resolution will not be possible and you will not be able to access S3.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating

EXPERT
answered a month ago
EXPERT
verified a month ago
  • Enabling DNS didn't work; I am attaching screenshots

0
Accepted answer

Hi, I gave this a bit more thought and I believe I know what's going on. You're not specifying a region to your AWS CLI commands, which means that any S3 command will first be directed to us-east-1 in order to find out what region the bucket is in. However, as you're in a private subnet with only access to the eu-west-1 S3 service via the VPC endpoint, this won't work.

Best practice when using S3 is to always specify the region to remove that dependency on us-east-1. So I believe if you set the region in "aws configure", or ran "aws s3 ls --region eu-west-1", it should work.

Steve

EXPERT
answered a month ago
AWS EXPERT
verified a month ago
  • You are a genius
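To make the accepted answer's point concrete, here is an added illustration (written for this page, not code from the thread or from AWS). It mimics the AWS CLI's documented region precedence (AWS_REGION, then AWS_DEFAULT_REGION, then the profile's region in ~/.aws/config) and shows which S3 endpoint a command is sent to and whether a gateway endpoint in the VPC's region can carry it. The function names and the sample config text are assumptions; the regional hostname pattern is simplified to the standard s3.<region>.amazonaws.com form.

```python
"""Which S3 endpoint does a CLI call hit when no region is configured?

Added illustration, not code from the thread or from AWS. It mimics the AWS
CLI's documented region precedence (AWS_REGION, then AWS_DEFAULT_REGION, then
the profile's `region` in ~/.aws/config) and reports whether a gateway
endpoint in the VPC's region can serve the request. Function names and the
sample config text are assumptions.
"""
import configparser
from typing import Optional, Tuple


def resolve_cli_region(env: dict, config_text: str, profile: str = "default") -> Optional[str]:
    """Region the CLI would use, or None when nothing is configured anywhere."""
    for var in ("AWS_REGION", "AWS_DEFAULT_REGION"):
        if env.get(var):
            return env[var]
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    # ~/.aws/config names the default profile [default] and others [profile NAME].
    section = "default" if profile == "default" else f"profile {profile}"
    if cfg.has_section(section):
        return cfg.get(section, "region", fallback=None)
    return None


def s3_request_target(region: Optional[str]) -> Tuple[str, str]:
    """(hostname, region that answers). With no region the CLI uses the global
    endpoint, which is served out of us-east-1; that is the hop the accepted
    answer describes. Regional hostname pattern simplified (assumption)."""
    if region is None:
        return "s3.amazonaws.com", "us-east-1"
    return f"s3.{region}.amazonaws.com", region


def gateway_endpoint_can_serve(cli_region: Optional[str], vpc_region: str) -> bool:
    """A gateway endpoint only carries traffic to S3 in its own region."""
    return s3_request_target(cli_region)[1] == vpc_region


def diagnose(env: dict, config_text: str, vpc_region: str) -> str:
    """One-line verdict for the instance's CLI environment."""
    region = resolve_cli_region(env, config_text)
    host, answering = s3_request_target(region)
    if gateway_endpoint_can_serve(region, vpc_region):
        return f"OK: {host} is reachable through the {vpc_region} gateway endpoint"
    return (f"MISMATCH: request goes to {host} ({answering}), which the {vpc_region} "
            f"gateway endpoint cannot reach; set the region explicitly")


if __name__ == "__main__":
    # Constructed inputs: an empty environment and config, then a config with the region set.
    print(diagnose({}, "", "eu-west-1"))
    print(diagnose({}, "[default]\nregion = eu-west-1\n", "eu-west-1"))
```

The first call reproduces the thread's failure mode (no region anywhere, so the request targets us-east-1 while the endpoint only covers eu-west-1); the second shows that setting the region in the profile, as the answer suggests, is enough to keep the request inside the endpoint's region.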

0

Hello,

The security group associated with the private EC2 instance should allow outbound HTTPS (port 443) traffic, and make sure the route table has an associated route to a Gateway endpoint for S3.

Ensure that the IAM role attached to your private EC2 instance has the necessary permissions for S3 actions (s3:CreateBucket, etc.) and if you have set a policy on the VPC endpoint, ensure that it allows the necessary S3 actions.

For more information: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#create-gateway-endpoint-s3

EXPERT
answered a month ago
AWS EXPERT
verified a month ago
  • Thanks Sivaraman,

    I tried but nothing worked

    My new answer has all photos
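The checks in the answer above (route to the gateway endpoint, endpoint policy, security group egress) can be run against the JSON the CLI prints rather than by eyeballing console screenshots. The following is an added example written for this page, not code from the thread or from AWS; it reads the output shapes of `aws ec2 describe-route-tables`, `describe-vpc-endpoints` and `describe-security-groups`, here replaced by constructed sample data with placeholder IDs so it runs offline. It does not check the instance's IAM role; the function names are assumptions.

```python
"""Checks for the S3 gateway endpoint path listed in Sivaraman's answer.

Added example, not code from the thread or from AWS. Input is the JSON that
`aws ec2 describe-route-tables`, `describe-vpc-endpoints` and
`describe-security-groups` print; the sample data below is constructed with
placeholder IDs. The instance's IAM role is not checked. Names are assumptions.
"""
import fnmatch
import json


def route_table_for_subnet(route_tables, subnet_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def s3_gateway_endpoint(vpc_endpoints, region):
    """The available gateway endpoint serving S3 in `region`, or None."""
    for ep in vpc_endpoints["VpcEndpoints"]:
        if (ep.get("VpcEndpointType") == "Gateway"
                and ep.get("ServiceName") == f"com.amazonaws.{region}.s3"
                and ep.get("State") == "available"):
            return ep
    return None


def policy_allows(policy_document, action):
    """True if an Allow statement in the endpoint policy matches `action`."""
    stmts = json.loads(policy_document).get("Statement", [])
    for stmt in stmts if isinstance(stmts, list) else [stmts]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        for pattern in actions if isinstance(actions, list) else [actions]:
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


def egress_allows_https(security_groups, group_id):
    """Outbound TCP/443 (or all traffic) to some destination from `group_id`."""
    for sg in security_groups["SecurityGroups"]:
        if sg.get("GroupId") != group_id:
            continue
        for perm in sg.get("IpPermissionsEgress", []):
            proto = perm.get("IpProtocol")
            covers_443 = proto == "-1" or (
                proto == "tcp" and perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 0))
            has_dest = perm.get("IpRanges") or perm.get("PrefixListIds")
            if covers_443 and has_dest:
                return True
    return False


def check_s3_path(subnet_id, group_id, region, route_tables, vpc_endpoints,
                  security_groups, actions=("s3:ListAllMyBuckets", "s3:CreateBucket")):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ep = s3_gateway_endpoint(vpc_endpoints, region)
    if ep is None:
        findings.append(f"no available S3 gateway endpoint for {region}")
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        findings.append(f"no route table found for {subnet_id}")
    elif ep is not None:
        # A gateway endpoint appears as a prefix-list route whose target is the vpce id.
        routed = any(r.get("GatewayId") == ep["VpcEndpointId"] and r.get("State") == "active"
                     and "DestinationPrefixListId" in r for r in rt.get("Routes", []))
        if not routed:
            findings.append(f"{rt['RouteTableId']} has no active prefix-list route "
                            f"to {ep['VpcEndpointId']}")
    if ep is not None:
        for action in actions:
            if not policy_allows(ep.get("PolicyDocument", "{}"), action):
                findings.append(f"endpoint policy does not allow {action}")
    if not egress_allows_https(security_groups, group_id):
        findings.append(f"{group_id} does not allow outbound TCP/443")
    return findings


# Constructed sample data shaped like the three CLI outputs (placeholder IDs).
ROUTE_TABLES = {"RouteTables": [{
    "RouteTableId": "rtb-private-example",
    "Associations": [{"SubnetId": "subnet-private-example", "Main": False}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": "pl-example-s3", "GatewayId": "vpce-example-s3",
         "State": "active"}]}]}
VPC_ENDPOINTS = {"VpcEndpoints": [{
    "VpcEndpointId": "vpce-example-s3", "VpcEndpointType": "Gateway",
    "ServiceName": "com.amazonaws.eu-west-1.s3", "State": "available",
    "RouteTableIds": ["rtb-private-example"],
    "PolicyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})}]}
SECURITY_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-private-example",
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}

if __name__ == "__main__":
    findings = check_s3_path("subnet-private-example", "sg-private-example", "eu-west-1",
                             ROUTE_TABLES, VPC_ENDPOINTS, SECURITY_GROUPS)
    print("\n".join(findings) or "all checks passed")
```

Running the checker with `region="us-east-1"` against the same sample data reports that no gateway endpoint exists for that region, which is exactly the situation the accepted answer describes when the CLI falls back to us-east-1; the other findings point at the route table, endpoint policy or security group individually.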

0

How are your network ACLs set for that subnet? Allowing all traffic or at least HTTPS outbound and ephemeral ports inbound?

EXPERT
answered a month ago
  • ACLs are default for both public and private instances; SGs have all traffic allowed for inbound and outbound

0

I tried everything but no luck:

  1. All traffic allowed from the private instance
  2. Created an IAM role and attached it (photo)
  3. Route table for the endpoint

Attached are the photos.

Rish
answered a month ago
0

As per the screenshots, the ACLs don't have issues.

Security groups have all traffic allowed.

The endpoint has the correct route table and the private EC2 instance has a role for full S3 access.

Routing is fine too, but I cannot create or access S3.

Any help will be appreciated.

Rish
answered a month ago
0

Thanks everyone for assisting me with this.

Rish
answered a month ago