Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Restrict access to s3 bucket

0

Our company has an application running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company’s security policies restrict any internet-bound traffic from the applications. Which action will fulfill these requirements and maintain security?

Argomenti
ArchiviazioneNetworking e distribuzione di contenuti
Tag
Servizio di archiviazione semplice di AmazonAmazon VPC
Lingua
English
aws-repost986547
posta 2 anni fa427 visualizzazioni
2 Risposte
0
Risposta accettata

If you want to avoid internet traffic, then leverage a VPC Endpoint for S3 from within the VPC where the EC2 instance will reside that need access to the data.

Then leverage a policy on the EndPoint to restrict access to just that VPC, additionally then add a bucket policy onto the S3 bucket that only allows access to the VPC Endpoint.

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html

profile pictureAWS
ESPERTO
Rob_H
con risposta 2 anni fa
0

You should create a Gateway Endpoint for S3. Relevant steps can be found here

profile picture
Syd
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente