Access to Public S3 within private subnet in VPC without Internet


Hi,
I have a VPC with a private subnet without Internet access. From an EC2 instance inside this subnet I am able to access S3 via a VPC Endpoint. I use this for the Amazon Linux repositories and for access to my S3 bucket.

Now I want to get the RDS SSL Public Key for accessing an RDS instance via SSL as described here:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
The Public Keys are stored here:
https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

I am not able to connect to the S3 URL from my EC2 Instance.

Do I need Internet access to access this URL or is it possible to access it via a VPC Endpoint?

My VPC and my RDS database are in region eu-central-1.

Best Regards!

qsadmin
asked 5 years ago, 1315 views
1 Answer

Hi,
The URL "s3.amazonaws.com" means that the S3 bucket is in us-east-1. Because it is in a different region, you will require Internet access to access that specific S3 bucket.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html

Endpoints currently do not support cross-region requests—ensure that you create your endpoint in the same region as your bucket. You can find the location of your bucket by using the Amazon S3 console, or by using the get-bucket-location command. Use a region-specific Amazon S3 endpoint to access your bucket; for example, mybucket.s3-us-west-2.amazonaws.com. 

-randy

answered 5 years ago
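The region check the answer describes, as an added example that is not part of the original thread: it normalises the `LocationConstraint` value that `aws s3api get-bucket-location` prints (empty/null for us-east-1, legacy `EU` for eu-west-1), builds the region-specific URL the linked docs recommend, and decides whether a gateway endpoint in the VPC's region can serve the bucket. The bucket and region names in the usage at the bottom are taken from the thread; the helper function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are assumptions.

# Normalise the LocationConstraint printed by
#   aws s3api get-bucket-location --bucket NAME --query LocationConstraint --output text
# "None" (text output), "null" (json output) or an empty value mean us-east-1;
# the legacy value "EU" means eu-west-1.
s3_region_from_location_constraint() {
    case "$1" in
        ""|null|None|'""') echo "us-east-1" ;;
        EU)                echo "eu-west-1" ;;
        *)                 echo "$1" | tr -d '"' ;;
    esac
}

# Region-specific virtual-hosted-style URL for an object, the form the
# VPC endpoint documentation recommends instead of s3.amazonaws.com/bucket/key.
s3_regional_url() {
    bucket="$1"; region="$2"; key="$3"
    echo "https://${bucket}.s3.${region}.amazonaws.com/${key}"
}

# Exit status 0 when a gateway VPC endpoint created in vpc_region can serve
# the bucket (same region), 1 otherwise (cross-region is not supported).
s3_gateway_endpoint_reachable() {
    vpc_region="$1"; bucket_region="$2"
    [ "$vpc_region" = "$bucket_region" ]
}

# Live lookup; needs the AWS CLI and s3:GetBucketLocation on the bucket.
# Not exercised offline.
s3_bucket_region() {
    raw=$(aws s3api get-bucket-location --bucket "$1" \
            --query LocationConstraint --output text)
    s3_region_from_location_constraint "$raw"
}

# Constructed illustration of the thread's situation: a VPC in eu-central-1
# and, per the answer, a bucket in us-east-1 (LocationConstraint "None").
vpc_region="eu-central-1"
bucket_region=$(s3_region_from_location_constraint "None")
if s3_gateway_endpoint_reachable "$vpc_region" "$bucket_region"; then
    echo "reachable through the gateway endpoint in $vpc_region"
else
    echo "bucket is in $bucket_region; the $vpc_region gateway endpoint cannot serve it"
    echo "regional URL: $(s3_regional_url rds-downloads "$bucket_region" rds-combined-ca-bundle.pem)"
fi
```

Run `s3_bucket_region rds-downloads` from an instance with CLI credentials to replace the constructed value with a live lookup.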
