I'd say to review this from 2 different points of view:
1. Networking: If you effectively blocked public access (from the internet), calls from the EC2 instance to the bucket should be using this particular option described in the guide: Private EC2 instance with connectivity to Amazon S3 using a gateway VPC endpoint (https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html). Make sure it is set up that way and that all traffic is flowing internally, without reaching the internet.
2. Permissions: Check that you are using the same role for both the CLI and the SDK, or at least make sure both roles have enough permissions to perform the actions you need. For that, take a look at both the IAM role/policies and the S3 bucket policies. I think these two references can help:
   - Making requests using IAM user temporary credentials: https://docs.aws.amazon.com/AmazonS3/latest/userguide/AuthUsingTempSessionToken.html
   - Making requests using AWS account or IAM user credentials: https://docs.aws.amazon.com/AmazonS3/latest/userguide/AuthUsingAcctOrUserCredentials.html
I hope this helps...
Accepted answer (question asked 4 years ago)
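The two checks in the answer above (traffic must arrive through the gateway VPC endpoint, and the role the CLI uses and the role the SDK uses must both be allowed) can be reasoned about offline with a small bucket-policy evaluator. The following is an added example, not code from the answer or from AWS: the bucket name, account ID, role ARNs and endpoint ID are constructed, the policy document is a typical "deny unless aws:SourceVpce matches" pattern written for this example, and the evaluator only implements the subset of IAM logic needed here (explicit deny wins, then allow, else implicit deny; StringEquals/StringNotEquals conditions; wildcard actions and resources). It also normalises the assumed-role session ARN that `aws sts get-caller-identity` returns on an EC2 instance to the underlying IAM role ARN, because that is what a bucket policy usually names.

```python
"""Offline evaluator for a VPC-endpoint-restricted S3 bucket policy.

Added example; not part of the original re:Post answer or of any AWS SDK.
All identifiers below (account ID, roles, bucket, endpoint) are constructed.
"""
import fnmatch
import json

GATEWAY_ENDPOINT = "vpce-0123456789abcdef0"                    # constructed
CLI_ROLE = "arn:aws:iam::111122223333:role/ec2-cli-role"       # constructed
SDK_ROLE = "arn:aws:iam::111122223333:role/ec2-sdk-role"       # constructed
BUCKET = "example-private-bucket"                              # constructed

# Constructed bucket policy: allow the two instance roles, but deny every
# request that did not arrive through the gateway VPC endpoint.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowInstanceRoles",
            "Effect": "Allow",
            "Principal": {"AWS": [CLI_ROLE, SDK_ROLE]},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        },
        {
            "Sid": "DenyUnlessFromGatewayEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": GATEWAY_ENDPOINT}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _canonical_principal(arn):
    """Map an STS assumed-role session ARN (what get-caller-identity shows on
    an EC2 instance) to the IAM role ARN a bucket policy would name."""
    parts = arn.split(":")
    if len(parts) == 6 and parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        role_name = parts[5].split("/")[1]
        return f"arn:aws:iam::{parts[4]}:role/{role_name}"
    return arn


def _principal_matches(principal, request_principal):
    if principal == "*":
        return True
    arns = [a for v in principal.values() for a in _as_list(v)]
    return "*" in arns or _canonical_principal(request_principal) in arns


def _condition_matches(condition, context):
    """StringEquals fails when the key is absent; StringNotEquals matches when
    the key is absent (IAM's rule for negated operators). A request that comes
    in over the internet carries no aws:SourceVpce key at all."""
    for operator, pairs in (condition or {}).items():
        for key, expected in pairs.items():
            expected, actual = _as_list(expected), context.get(key)
            if operator == "StringEquals" and (actual is None or actual not in expected):
                return False
            if operator == "StringNotEquals" and actual is not None and actual in expected:
                return False
            if operator not in ("StringEquals", "StringNotEquals"):
                raise ValueError(f"unsupported operator {operator}")
    return True


def evaluate(policy, request_principal, action, resource, context):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], request_principal):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"          # an explicit deny always wins
        decision = "Allow"
    return decision


def diagnose(policy, cli_principal, sdk_principal, source_vpce, key="data/report.csv"):
    """Run the same GetObject as the CLI's role and the SDK's role, once through
    the gateway endpoint and once over the internet (no aws:SourceVpce key)."""
    resource = f"arn:aws:s3:::{BUCKET}/{key}"
    results = {}
    for label, principal in (("cli", cli_principal), ("sdk", sdk_principal)):
        results[label] = {
            "via_gateway_endpoint": evaluate(policy, principal, "s3:GetObject", resource,
                                             {"aws:SourceVpce": source_vpce}),
            "via_internet": evaluate(policy, principal, "s3:GetObject", resource, {}),
        }
    return results


if __name__ == "__main__":
    cli = "arn:aws:sts::111122223333:assumed-role/ec2-cli-role/i-0abc"   # constructed
    sdk = "arn:aws:sts::111122223333:assumed-role/ec2-sdk-role/i-0abc"   # constructed
    print(json.dumps(diagnose(BUCKET_POLICY, cli, sdk, GATEWAY_ENDPOINT), indent=2))
```

If `diagnose` reports `Allow` through the endpoint but `ExplicitDeny` over the internet for one role, the policy is doing its job and the failing client is simply not routing through the gateway endpoint (check the route table of the instance's subnet for the S3 prefix list). If one role comes back `ImplicitDeny` in both paths, the SDK and CLI are not using the same role, or the bucket policy does not name the second one; compare the ARNs from `aws sts get-caller-identity` and from the SDK's credential provider before touching the network.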