AWS SSM with on-prem servers using VPC endpoints for S3 patch payloads

0

I cannot get my on-prem Linux VMs to patch using VPC endpoints. How can I configure them to use the S3 VPC gateway/endpoint in our VPC? The documentation is severely lacking for this configuration mode.

I have MDS and SSM configured in the amazon-ssm-agent.json using VPC endpoints (also not documented by Amazon), but how do I configure the VM to use our VPC to access S3 to download patch payloads? They still attempt to connect to public S3 buckets to get patches, but we do not allow these servers to be on the open internet. We use Direct Connect for a site-to-site link from our colo to our VPCs.

No matter what I try, the VM will keep attempting to use public S3 and fails. Patch error output:

10/19/2022 10:01:13 root [INFO]: Downloading payload from https://s3.dualstack.us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.96.tar.gz

10/19/2022 10:03:23 root [ERROR]: Error code returned from curl is 7

1 Answer
0

Have you taken a look at this blog post that explains how to privately access S3 from on-prem servers? https://aws.amazon.com/blogs/networking-and-content-delivery/secure-hybrid-access-to-amazon-s3-using-aws-privatelink/

AWS EXPERT
answered a year ago
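Before expecting patching to work over PrivateLink, it helps to confirm where the host in the agent's log actually resolves to from the on-prem VM. The following diagnostic is an added example, not code from the question, the answer or the SSM agent; it assumes the on-prem resolver has been pointed at the S3 interface endpoint's private addresses (the approach in the linked blog post), and the curl exit-code table is taken from the curl man page.

```python
"""Added diagnostic: find the S3 host an SSM patch download targeted and
check whether it resolves to a private (endpoint) address or to public S3."""
import ipaddress
import re
import socket
from urllib.parse import urlparse

# Constructed sample: the two agent log lines quoted in the question.
SAMPLE_LOG = """\
10/19/2022 10:01:13 root [INFO]: Downloading payload from https://s3.dualstack.us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.96.tar.gz
10/19/2022 10:03:23 root [ERROR]: Error code returned from curl is 7
"""

# Meanings of common curl exit codes, from the curl man page.
CURL_EXIT = {
    6: "could not resolve host",
    7: "failed to connect to host",
    28: "operation timed out",
    35: "TLS/SSL connect error",
}


def payload_hosts(log_text):
    """Hostnames the agent tried to download patch payloads from."""
    urls = re.findall(r"Downloading payload from (\S+)", log_text)
    return [urlparse(u).hostname for u in urls]


def curl_errors(log_text):
    """(exit code, meaning) for every curl error reported in the log."""
    codes = re.findall(r"Error code returned from curl is (\d+)", log_text)
    return [(int(c), CURL_EXIT.get(int(c), "unknown")) for c in codes]


def classify(host, resolver=socket.gethostbyname_ex):
    """Resolve host and report whether all returned addresses are private.

    resolver must behave like socket.gethostbyname_ex: (name, aliases, addrs).
    A public address means the VM is still heading for public S3, so the
    interface endpoint / resolver setup is not being used for this name."""
    _, _, addrs = resolver(host)
    private = bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)
    return {"host": host, "addresses": addrs, "private_endpoint": private}


if __name__ == "__main__":
    for host in payload_hosts(SAMPLE_LOG):
        print(classify(host))  # uses the VM's real resolver when run on-prem
    for code, meaning in curl_errors(SAMPLE_LOG):
        print(f"curl exit {code}: {meaning}")
```

Run it on the VM itself (not from a workstation) so it uses the same resolver the agent does; a `private_endpoint: False` result for the S3 host means DNS, not the agent configuration, is what still needs fixing.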
