S3 bucket behind VPC needing custom SSL cert

0

Hi There

I have gotten an S3 bucket to work behind a VPC Endpoint and a custom URL. I want to change the SSL cert the bucket is using without using CloudFront. We are planning to expose the VPC IP address via our gateway VM; it is currently working, just the SSL certificate is still showing up as the s3.amazon one. Is it possible to change the cert?

1 Answer
0

The short answer is no. First, because the S3 static website feature does not support SSL. This is a totally different feature than using S3 as regular object storage, in which you do not use the HTTP protocol to GET HTML web pages or other static content; you use API calls to the S3 API, which are different endpoints (and they are TLS with the s3.amazon certificate). So, when you deploy a VPC Endpoint (it doesn't matter Network or Gateway) you are accessing the S3 API, not the feature which supports website hosting, which has a totally different endpoint and cannot be accessed using VPC Endpoints for this reason. So, if you want to access your website from a private IP you cannot use VPC Endpoints. If you want to expose a public website with a custom SSL certificate, the best approach is to use CloudFront (pay per use and you remove proxy management).

I hope to have helped you to clarify your question.

Best,

AWS
answered a year ago
