S3 bucket behind VPC needing custom SSL cert

0

Hi there

I have gotten an S3 bucket to work behind a VPC Endpoint and custom URL. I want to change the SSL cert the bucket is using without using CloudFront. We are planning to expose the VPC IP address via our gateway VM. It is currently working; just the SSL certificate is still showing up as the s3.amazon one. Is it possible to change the cert?

Markbza
asked a year ago, 243 views
1 Answer
0

The short answer is no. First, because the S3 static website feature does not support SSL. This is a totally different feature from using S3 as regular object storage, in which you do not use the HTTP protocol to GET HTML web pages or other static content; you use API calls to the S3 API, which uses different endpoints (and they are TLS with the s3.amazon certificate). So, when you deploy a VPC Endpoint (it doesn't matter whether Network or Gateway), you are accessing the S3 API, not the feature that supports website hosting, which has a totally different endpoint and cannot be accessed using VPC Endpoints for this reason. So, if you want to access your website from a private IP, you cannot use VPC Endpoints. If you want to expose a public website with a custom SSL certificate, the best approach is to use CloudFront (pay per use, and you remove proxy management).

I hope to have helped you to clarify your question.

Best,

AWS
answered a year ago
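Why a client that reaches the S3 API through a custom URL sees a certificate mismatch, as an added example that is not part of the original answer: TLS is terminated by S3, so the client checks the requested hostname against the names in S3's certificate. The SAN list, bucket names and custom hostname below are constructed samples, not captured from a real endpoint.

```python
# Added example: hostname verification against an S3-style certificate.
# All names below are constructed for illustration.

def san_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat


def verify_hostname(hostname: str, sans: list) -> list:
    """Return the SAN entries that cover hostname (empty list means mismatch)."""
    return [p for p in sans if san_matches(hostname, p)]


def diagnose(hostname: str, sans: list) -> str:
    hits = verify_hostname(hostname, sans)
    if hits:
        return f"OK: {hostname} is covered by {hits[0]}"
    return f"MISMATCH: {hostname} is not covered by any SAN in the served certificate"


# Constructed SAN list in the shape of an S3 API certificate (assumption).
SAMPLE_S3_SANS = [
    "s3.amazonaws.com",
    "*.s3.amazonaws.com",
    "*.s3.eu-west-1.amazonaws.com",
]

if __name__ == "__main__":
    for name in [
        "files.example.internal",                # hypothetical custom URL
        "my-bucket.s3.eu-west-1.amazonaws.com",  # bucket addressed by its S3 name
        "my.bucket.s3.amazonaws.com",            # dotted bucket name: wildcard covers one label only
    ]:
        print(diagnose(name, SAMPLE_S3_SANS))
```
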
