Access to Public S3 within private subnet in VPC without Internet

Question

Hi,  
I have a VPC with a private Subnet without Internet Access. From an EC2 inside this subnet I am able to access S3 via a VPC Endpoint. I use this for the amazon Linux repositories and for access to my S3 Bucket.  
  
Now I want to get the RDS SSL Pubic Key for accessing a rds Instance via SSL as described here:  
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport  
The Public Keys are stored here:  
https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem  
  
I am not able to connect to the S3 URL from my EC2 Instance.  
  
Do I need Internet access to access this URL or is it possible to access it via a VPC Endpoint?  
  
My VPC and my RDS Database are in Region eu-central-1  
  
Best Regards!

Answer

Hi,  
The URL "s3.amazonaws.com" means that the S3 bucket is in us-east-1. Because it is in a different region, you will require internet access to access that specific s3 bucket.

```
Endpoints currently do not support cross-region requests—ensure that you create your endpoint in the same region as your bucket. You can find the location of your bucket by using the Amazon S3 console, or by using the get-bucket-location command. Use a region-specific Amazon S3 endpoint to access your bucket; for example, mybucket.s3-us-west-2.amazonaws.com. 
```

-randy

Access to Public S3 within private subnet in VPC without Internet

관련 콘텐츠