URLs to whitelist for AWS S3 API endpoints

0

Hello, we are using an IAM role for uploading to S3 buckets using the AWS API. Our security team has those URLs blocked. We need to provide them a list of all endpoints that the boto3 client SDK would be hitting. Is there any list available?

Thanks

2 Answers
1

Hi clouder

I believe you can ask your security team to enable the S3 service endpoints mentioned here -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAPI.html and https://docs.aws.amazon.com/general/latest/gr/s3.html

Another option would be to create S3 access points which would provide you with a dedicated access point for a relevant bucket -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html

From a security perspective, this might be a better option as then you only have to enable the URLs for the buckets in your environment.

answered 2 years ago
EXPERT
reviewed 2 years ago
  • Good idea on the access point.

0

I believe you need the AWS service endpoint URLs.

This page should assist you here: https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints

Also a blog post using SSM: https://aws.amazon.com/blogs/aws/new-query-for-aws-regions-endpoints-and-more-using-aws-systems-manager-parameter-store/

There are quite a few :-)

EXPERT
answered 2 years ago
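
The endpoint formats the two answers link to can be turned into a concrete egress allowlist. The Python below is an added example, not code from this thread or from AWS: it builds the hostnames for a set of buckets and access points and reports which observed hostnames a given list would still block. The bucket, access point, account ID and region values are constructed, and the STS entry assumes the role's credentials are obtained through STS.

```python
def s3_allowlist(buckets, access_points=(), shared_endpoints=True,
                 dualstack=False, sts=True):
    """buckets: {name: region}; access_points: [(name, account_id, region)].
    shared_endpoints=False keeps only per-bucket and per-access-point names."""
    hosts, path_style_regions = set(), set()
    ds = ".dualstack" if dualstack else ""
    for bucket, region in buckets.items():
        if "." in bucket:
            # A dotted bucket name cannot match the wildcard TLS certificate,
            # so SDKs address it path-style on the shared regional endpoint.
            path_style_regions.add(region)
        else:
            # Virtual-hosted style: the bucket name is part of the hostname.
            hosts.add(f"{bucket}.s3{ds}.{region}.amazonaws.com")
    for name, account_id, region in access_points:
        hosts.add(f"{name}-{account_id}.s3-accesspoint{ds}.{region}.amazonaws.com")
    regions = set(buckets.values()) | {r for _, _, r in access_points}
    for region in regions:
        if shared_endpoints or region in path_style_regions:
            # Shared by every bucket in the region, so this is the broadest
            # entry on the list.
            hosts.add(f"s3{ds}.{region}.amazonaws.com")
        if sts:
            # Assumption: role credentials are requested from regional STS.
            hosts.add(f"sts.{region}.amazonaws.com")
    return sorted(hosts)


def blocked(observed_hosts, allowlist):
    """Return the observed hostnames that the allowlist would not permit."""
    allowed = {h.lower() for h in allowlist}
    return [h for h in observed_hosts if h.lower().rstrip(".") not in allowed]


# Constructed sample values, not taken from the thread.
BUCKETS = {"example-uploads": "eu-west-1"}
ACCESS_POINTS = [("uploads-ap", "111122223333", "eu-west-1")]
OBSERVED = [
    "example-uploads.s3.eu-west-1.amazonaws.com",
    "uploads-ap-111122223333.s3-accesspoint.eu-west-1.amazonaws.com",
    "s3.eu-west-1.amazonaws.com",
    "sts.eu-west-1.amazonaws.com",
]

if __name__ == "__main__":
    narrow = s3_allowlist(BUCKETS, ACCESS_POINTS, shared_endpoints=False)
    print("\n".join(narrow))
    print("would be blocked:", blocked(OBSERVED, narrow))
```

Running `blocked` over hostnames taken from proxy or DNS logs before the rule change shows whether the narrower list would break an existing path-style client.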
