Access Secrets Manager from EC2 without Endpoint

0

I have an EC2 instance (Elastic Beanstalk) that gets secrets from Secrets Manager. For that to work, the EC2 instance has a role with permission to access the secret, a security group with an HTTPS rule whose origin and destination are itself, and an endpoint to Secrets Manager.

Everything works fine but it doesn't work without the endpoint.

My question is, why do I need the endpoint if the EC2 instance already has public access to the internet?

2 Answers
0

An application running inside an EC2 machine can connect to Secrets Manager using either the public endpoints of Secrets Manager (https://docs.aws.amazon.com/general/latest/gr/asm.html) or using a VPC endpoint to Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html). If using the VPC endpoint, the traffic goes over the AWS network and not over the public internet.

Security groups are stateful firewalls that ensure only traffic from the relevant IPs, CIDRs or other security groups is allowed, and only on the opened ports. As the name suggests, that's to protect from unauthorized access.

AWS (EXPERT)
answered a year ago; reviewed by an EXPERT 4 months ago
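As an added diagnostic (not part of this thread or of any AWS tool), the following Python resolves the regional Secrets Manager hostname and classifies the resolved addresses to show which of the two paths described in the answer is in use: private addresses mean the VPC endpoint's private DNS is answering, public addresses mean the SDK needs a route to the internet. The region, sample IPs and function names are assumptions.

```python
import ipaddress
import socket
import ssl

# Regional hostname pattern from the AWS endpoints documentation linked above.
def secretsmanager_hostname(region: str) -> str:
    return f"secretsmanager.{region}.amazonaws.com"

def classify_path(resolved_ips):
    """Classify which path the SDK would take for the given resolved addresses.

    With a VPC interface endpoint and private DNS enabled, the regional
    hostname resolves to private IPs inside the VPC; without one it resolves
    to public IPs, which need a route out of the VPC (IGW or NAT).
    """
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    if not addrs:
        return "unresolvable"
    if all(a.is_private for a in addrs):
        return "vpc-endpoint"
    if all(a.is_global for a in addrs):
        return "public-endpoint"
    return "mixed"

def resolve(hostname):
    """Live DNS lookup: IPv4 addresses for hostname, or [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tls_reachable(hostname, timeout=3.0):
    """Open a TLS connection on 443 the way the SDK would; False if blocked."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return True
    except (OSError, ssl.SSLError):
        return False

def diagnose(region, resolved_ips=None, check_tls=False):
    """resolved_ips lets constructed answers be classified offline."""
    host = secretsmanager_hostname(region)
    ips = resolved_ips if resolved_ips is not None else resolve(host)
    result = {"hostname": host, "ips": ips, "path": classify_path(ips)}
    if check_tls:
        result["tls_reachable"] = tls_reachable(host)
    return result

if __name__ == "__main__":
    # Constructed sample: a private-DNS answer from a VPC endpoint (assumed region).
    print(diagnose("eu-west-1", resolved_ips=["10.0.1.25", "10.0.2.40"]))
    # Live check from the instance itself (needs the resolver and network).
    print(diagnose("eu-west-1", check_tls=True))
```

Run it on the instance with and without the endpoint: a "public-endpoint" path plus `tls_reachable: False` points at the route or security-group rules for outbound 443 rather than at IAM.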
0

Thanks for the answer.

I know this. Right now I'm using a VPC endpoint, but if I didn't have the endpoint the connection with Secrets Manager wouldn't work. Why is that? What is blocking the connection? Is it the Internet gateway? Is it the router?

I'm using the AWS SDK to get the secret.

TP-user
answered a year ago

