Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Restrict access to s3 bucket

0

Our company has an application running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company’s security policies restrict any internet-bound traffic from the applications. Which action will fulfill these requirements and maintain security?

Tópicos
ArmazenamentoRede e entrega de conteúdo
Tags
Serviço de armazenamento simples da AmazonAmazon VPC
Idioma
English
aws-repost986547
feita há 2 anos427 visualizações
2 Respostas
0
Resposta aceita

If you want to avoid internet traffic, then leverage a VPC Endpoint for S3 from within the VPC where the EC2 instance will reside that need access to the data.

Then leverage a policy on the EndPoint to restrict access to just that VPC, additionally then add a bucket policy onto the S3 bucket that only allows access to the VPC Endpoint.

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html

profile pictureAWS
ESPECIALISTA
Rob_H
respondido há 2 anos
0

You should create a Gateway Endpoint for S3. Relevant steps can be found here

profile picture
Syd
respondido há 2 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante