How to access private S3 bucket using VPC gateway endpoint?

0

I have a bucket with Block Public Access enabled and a VPC with an S3 Gateway endpoint. When I request the object URL from an EC2 instance inside this VPC (which has an IAM Role to access S3), I get Access Denied. So, how do I access a private S3 bucket using a VPC gateway endpoint?

2 answers
0

Block Public Access must be disabled to access objects by object URL.
Access only via VPC endpoints is possible if the following bucket policy is set.
However, it has not been verified whether access by object URL is possible in that case.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowVPCe",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                 "s3:Get*",
                 "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET-NAME",
                "arn:aws:s3:::BUCKET-NAME/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:SourceVpce": "VPC Endpoint ID"
                }
            }
        }
    ]
}
Expert
Answered 1 year ago
  • Thank you for your suggestion. As I understand it, if the bucket and EC2 are in the same account, only an IAM Role is needed to access the bucket. But now I have an S3 bucket with Block Public Access and get a Permission denied error when I `s3 cp` an object from S3 to EC2. Normally, which solution do we use to get an object from S3 to EC2 if S3 blocks public access?

  • I think it is commonly done via VPC endpoints.
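As an added example (not code from this thread), a small Python check for a bucket policy of the shape posted in the answer above: it flags S3 ARNs that contain stray whitespace, as the object ARN in the original posting did, and flags an anonymous principal that lacks an aws:SourceVpce condition, which would make the statement a public grant. The bucket name and endpoint id are constructed placeholders.

```python
import json
import re

# Constructed policy that reproduces the shape posted above, including the
# stray whitespace in the object ARN; the bucket name and endpoint id are
# made-up placeholders, not values from the thread.
POLICY_WITH_DEFECT = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowVPCe",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::example-private-bucket",
                 "arn:aws:s3::: example-private-bucket /*"],
    "Condition": {"StringEquals": {"aws:sourceVpce": "vpce-0123456789abcdef0"}}
  }]
}"""

# Bucket names are lowercase DNS labels; an ARN with stray spaces never matches.
S3_ARN = re.compile(r"^arn:aws:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/.*)?$")
VPCE_ID = re.compile(r"^vpce-[0-9a-f]{8,17}$")


def lint_bucket_policy(policy_json):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        for arn in [resources] if isinstance(resources, str) else resources:
            if not S3_ARN.match(arn):
                findings.append(f"{sid}: malformed S3 ARN {arn!r}")
        # An anonymous principal is only tolerable when a condition pins the
        # source endpoint; without it the statement is a public grant.
        if stmt.get("Principal") in ("*", {"AWS": "*"}):
            cond = stmt.get("Condition", {})
            # Condition key names are case-insensitive, so normalise them.
            keys = {k.lower(): v for blk in cond.values() for k, v in blk.items()}
            vpce = keys.get("aws:sourcevpce")
            if vpce is None:
                findings.append(f"{sid}: Principal '*' without aws:SourceVpce is a public grant")
            elif not all(VPCE_ID.match(v) for v in ([vpce] if isinstance(vpce, str) else vpce)):
                findings.append(f"{sid}: aws:SourceVpce value is not a vpce-... id")
    return findings
```

Running `lint_bucket_policy(POLICY_WITH_DEFECT)` reports only the malformed object ARN; once the spaces are removed the policy passes, and the same policy with the Condition block deleted is reported as a public grant.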

0

You only have to disable Block Public Access if you want to access your bucket as a static website (not recommended). Otherwise if you're accessing it via its REST interface (e.g. via the AWS CLI or API) then you just need the right credentials. As you said, an IAM Role allowing your EC2 instance to access S3 should be fine.

To use a VPC Gateway endpoint, you need an entry in your subnet route table directing an AWS-managed Prefix List to that gateway.

Expert
Answered 1 year ago
