When you say "I run nslookup on the s3 endpoint from the on-prem server, it resolves to private IP", what s3 endpoint do you mean? At some point you need to override DNS resolution of the standard s3 service name (as opposed to your vpc endpoint domain name) so that it no longer maps to a public IP. Within a VPC you can do that by directly overriding with a Private Hosted Zone, but in your hybrid situation where you need to do this on-prem, you need to delegate resolution via a Route 53 Resolver Endpoint. See for example https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html.
A couple of the Resources in your policy don't look right - they are "s3::<bucket-name>" instead of "s3:::<bucket-name>". If you still have problems, what are you using to access S3 from on-prem?
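An added example, not part of the original answer and not AWS code: a small offline check that flags S3 ARNs in a policy's `Resource`/`NotResource` entries with the two-colon typo described above. The sample policy, bucket name and function names are constructed for illustration.

```python
import json

# Constructed sample policy (not the poster's): the "Typo" statement has the two-colon ARN.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Good", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "Typo", "Effect": "Allow", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3::example-bucket/*"},
    ],
})

def check_s3_arn(arn):
    """Return a reason string if arn is a malformed S3 ARN, else None."""
    if arn == "*":
        return None
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if parts[0] != "arn":
        return "not an ARN (expected arn:partition:s3:::bucket or '*')"
    if len(parts) >= 3 and parts[2] != "s3":
        return None  # ARN of another service: out of scope for this check
    if len(parts) < 6:
        return "too few ':'-separated fields (expected arn:partition:s3:::bucket)"
    region, account, resource = parts[3], parts[4], parts[5]
    if not resource:
        return "empty resource part"
    if bool(region) != bool(account):
        return "region and account must both be empty (bucket/object) or both set"
    if account and not (account.isdigit() and len(account) == 12):
        return "account field is not a 12-digit ID"
    return None

def find_bad_resources(policy_json):
    """Return [(sid, arn, reason)] for each malformed S3 ARN in the policy."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        for key in ("Resource", "NotResource"):
            value = stmt.get(key, [])
            for arn in [value] if isinstance(value, str) else value:
                reason = check_s3_arn(arn)
                if reason:
                    findings.append((stmt.get("Sid", f"#{i}"), arn, reason))
    return findings

if __name__ == "__main__":
    for sid, arn, reason in find_bad_resources(SAMPLE_POLICY):
        print(f"{sid}: {arn!r}: {reason}")
```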
The nslookup is on the S3 endpoint DNS: *.vpce-1234567890-abcd2zc.s3.eu-west-1.vpce.amazonaws.com which we are using to connect from on-premise and resolves to private IP.