2 Answers
0
One possible solution would be to have Fargate tasks deployed in a VPC, and then configure an S3 endpoint in that VPC. This approach is detailed in the Fargate task networking documentation. You can also reference the Amazon ECR interface VPC endpoints (AWS PrivateLink) documentation.
answered 3 years ago
0
- It is recommended to go to CloudTrail and see if you can identify the API call made by the ECS task and see which one is denied; sometimes the CloudTrail entry will give you a more specific reason for the denial.
- Are you encrypting any S3 contents?
- Do you have any ACLs set?
- Lastly, you might know this and it might be your use case, but putting the CloudFront OAI in the policy effectively allows any random user to view, delete and update the files and even the bucket in your S3, which I rarely recommend.
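
The CloudTrail check suggested in the answer above, as an added example that is not part of the original answer: it filters CloudTrail records for denied calls made under one task role and groups them by service, API call and resource. The records, role ARNs, bucket name and key ARN are constructed placeholders; S3 object-level calls such as GetObject only appear in CloudTrail when data events are enabled on the trail.

```python
import json
from collections import Counter

ROLE = "arn:aws:iam::111122223333:role/example-task-role"  # placeholder task role ARN

# Constructed CloudTrail-shaped records for illustration (not real log data).
SAMPLE = json.loads("""[
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "errorCode": "AccessDenied", "errorMessage": "Access Denied",
  "userIdentity": {"type": "AssumedRole", "sessionContext": {"sessionIssuer":
    {"arn": "arn:aws:iam::111122223333:role/example-task-role"}}},
  "requestParameters": {"bucketName": "example-bucket", "key": "data/report.csv"}},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "errorCode": "AccessDenied", "errorMessage": "constructed message",
  "userIdentity": {"type": "AssumedRole", "sessionContext": {"sessionIssuer":
    {"arn": "arn:aws:iam::111122223333:role/example-task-role"}}},
  "requestParameters": null,
  "resources": [{"ARN": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}]},
 {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "userIdentity": {"type": "AssumedRole", "sessionContext": {"sessionIssuer":
    {"arn": "arn:aws:iam::111122223333:role/example-task-role"}}},
  "requestParameters": {"bucketName": "example-bucket", "key": "out/result.csv"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "errorCode": "AccessDenied", "errorMessage": "Access Denied",
  "userIdentity": {"type": "AssumedRole", "sessionContext": {"sessionIssuer":
    {"arn": "arn:aws:iam::111122223333:role/other-role"}}},
  "requestParameters": {"bucketName": "example-bucket", "key": "data/report.csv"}}
]""")

def issuer_arn(record):
    """Role ARN behind an assumed-role session, or None for other identity types."""
    ident = record.get("userIdentity") or {}
    return (ident.get("sessionContext") or {}).get("sessionIssuer", {}).get("arn")

def is_denied(record):
    """True for authorization failures (AccessDenied, Client.UnauthorizedOperation, ...)."""
    code = record.get("errorCode") or ""
    return "AccessDenied" in code or "Unauthorized" in code

def denied_calls(records, role_arn):
    """Count denied calls per (service, API call, resource) for one role."""
    hits = Counter()
    for r in records:
        if is_denied(r) and issuer_arn(r) == role_arn:
            params = r.get("requestParameters") or {}  # may be null in real records
            res = r.get("resources") or [{}]
            resource = params.get("bucketName") or res[0].get("ARN") or "-"
            hits[(r["eventSource"], r["eventName"], resource)] += 1
    return hits

if __name__ == "__main__":
    for (source, name, resource), n in denied_calls(SAMPLE, ROLE).items():
        print(f"{n}x {source} {name} -> {resource}")
```

A denied `kms:Decrypt` next to a denied `GetObject` points at the encryption question raised in the same answer rather than at the bucket policy alone.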