Hi,
I'd say to review this from 2 different points of view:
1- Networking: If you effectively blocked public access (from the internet), calls from the EC2 instance to the bucket should be using this particular option described in the guide: Private EC2 instance with connectivity to Amazon S3 using a gateway VPC endpoint (https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html). Make sure it is that way and all traffic is flowing internally, without reaching the internet.
2- Permissions: Check you are using the same role for both CLI and SDK, or at least make sure both roles have enough permissions to perform the actions you need. For that, take a look at both IAM role/policies and S3 bucket policies. I think these 2 references can help:
- Making requests using IAM user temporary credentials: https://docs.aws.amazon.com/AmazonS3/latest/userguide/AuthUsingTempSessionToken.html
- Making requests using AWS account or IAM user credentials: https://docs.aws.amazon.com/AmazonS3/latest/userguide/AuthUsingAcctOrUserCredentials.html
I hope this helps...
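
The two checks suggested in the answer above, as an added example that is not part of the original answer: it inspects the response shapes of EC2 DescribeRouteTables and STS GetCallerIdentity to see whether the instance's subnet routes through a gateway endpoint and whether the CLI and SDK resolve to the same principal. All IDs, ARNs and function names are constructed for illustration.

```python
"""Offline checks over constructed AWS API responses (illustrative sample data)."""

def gateway_endpoint_routes(route_tables, subnet_id):
    """Active gateway-endpoint routes that apply to subnet_id.

    route_tables: the "RouteTables" list from EC2 DescribeRouteTables.
    A gateway endpoint appears as a route with a prefix-list destination
    (pl-...) and a GatewayId of the form vpce-.... A subnet with no explicit
    association uses the VPC's main route table.
    """
    explicit = [t for t in route_tables
                if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    main = [t for t in route_tables
            if any(a.get("Main") for a in t.get("Associations", []))]
    hits = []
    for table in explicit or main:
        for r in table.get("Routes", []):
            if (r.get("State") == "active"
                    and r.get("DestinationPrefixListId", "").startswith("pl-")
                    and r.get("GatewayId", "").startswith("vpce-")):
                hits.append((table["RouteTableId"], r["DestinationPrefixListId"], r["GatewayId"]))
    # The prefix list must still be confirmed as S3's (DescribePrefixLists),
    # since DynamoDB gateway endpoints produce routes of the same shape.
    return hits

def principal_of(caller_arn):
    """Reduce the Arn from STS GetCallerIdentity to (account, principal).

    Assumed-role ARNs end in a per-session name, which is dropped so that
    two sessions of the same role compare equal.
    """
    _, _, _, _, account, resource = caller_arn.split(":", 5)
    kind, _, rest = resource.partition("/")
    if kind == "assumed-role":
        return account, "role/" + rest.split("/")[0]
    return account, resource

# Constructed sample data, not taken from any real account.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0example1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-0example2", "Associations": [{"Main": False, "SubnetId": "subnet-0private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example", "State": "active"}]},
]
CLI_ARN = "arn:aws:sts::111122223333:assumed-role/AppInstanceRole/i-0example"
SDK_ARN = "arn:aws:iam::111122223333:user/dev-user"

if __name__ == "__main__":
    print("endpoint routes:", gateway_endpoint_routes(SAMPLE_ROUTE_TABLES, "subnet-0private"))
    print("same principal:", principal_of(CLI_ARN) == principal_of(SDK_ARN))
```

An empty route list, or differing principals between the CLI and the SDK, points to the networking or the permissions side respectively.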