Cross account S3 access without going over internet

1

We have 2 AWS accounts and we are sending huge data from the primary account to the secondary account (data is being transferred from EC2 to an S3 bucket of the secondary account), so it is costing us huge data transfer charges. We are looking for a solution where we can transfer the data from the primary account to the secondary account without going via the internet. I was thinking about a VPC endpoint, but we are confused about whether this can work across AWS accounts or not.

3 Answers
1
Accepted Answer

Add a resource policy to the S3 Bucket allowing access from your primary account. Make sure the policy on your EC2 instance's IAM role allows access to this bucket. Configure an S3 VPC Endpoint in your primary account VPC. Then your EC2 instance will be able to access the S3 service, and your bucket, without going over the internet.

Expert
answered 1 year ago
AWS
Expert
reviewed 1 year ago
  • Thanks, I would try this and confirm. I'm hoping this would work 100%

1

In this case I would use an S3 Gateway Endpoint in each account. They are zero cost and ensure that S3 traffic doesn't traverse a NAT or Internet Gateway. It will allow each VPC to access buckets in other accounts as required.

AWS
Expert
answered 1 year ago
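As an added example (not code from this thread or from AWS), here are the three policy documents the accepted answer describes, with a small check that ties them to the gateway-endpoint advice in the second answer: the cross-account upload is allowed only when the request arrives through the primary account's S3 gateway endpoint, and refused when the same role is used from the public internet. The account ID, bucket name, role name and endpoint ID are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed placeholder identifiers, not values from the original thread.
PRIMARY_ACCOUNT = "111111111111"            # account that owns the EC2 instance
BUCKET = "example-secondary-bucket"         # bucket in the secondary account
VPCE_ID = "vpce-0123456789abcdef0"          # S3 gateway endpoint in the primary VPC
ROLE_ARN = f"arn:aws:iam::{PRIMARY_ACCOUNT}:role/ec2-uploader"
ACTIONS = ["s3:PutObject", "s3:ListBucket"]
RESOURCES = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]

def bucket_policy():
    """Resource policy on the secondary account's bucket: the primary account's EC2
    role is allowed only when the request comes via the named gateway endpoint."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowPrimaryEc2RoleViaEndpoint",
        "Effect": "Allow",
        "Principal": {"AWS": ROLE_ARN},
        "Action": ACTIONS,
        "Resource": RESOURCES,
        "Condition": {"StringEquals": {"aws:SourceVpce": VPCE_ID}}}]}

def role_policy():
    """Identity policy on the EC2 instance role; cross-account access needs both sides."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ACTIONS, "Resource": RESOURCES}]}

def endpoint_policy():
    """Policy on the gateway endpoint; the default allows all buckets, this confines it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": ACTIONS, "Resource": RESOURCES}]}

def _allows(policy, action, resource, vpce):
    """Toy evaluator: Allow statements only, wildcard resource match, VPCE condition."""
    for st in policy["Statement"]:
        cond = st.get("Condition", {}).get("StringEquals", {}).get("aws:SourceVpce")
        if (action in st["Action"]
                and any(fnmatchcase(resource, r) for r in st["Resource"])
                and (cond is None or cond == vpce)):
            return True
    return False

def upload_allowed(vpce=None, key="data/part-0001.parquet"):
    """True only if role, bucket and (when used) endpoint policies all allow the PutObject."""
    obj = f"arn:aws:s3:::{BUCKET}/{key}"
    checks = [role_policy(), bucket_policy()]
    if vpce is not None:
        checks.append(endpoint_policy())
    return all(_allows(p, "s3:PutObject", obj, vpce) for p in checks)
```

The `aws:SourceVpce` condition is what turns "works without the internet" into "only works without the internet"; drop it if the bucket must also stay reachable from outside the VPC.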
0

Hey,

I totally feel your frustration with those massive data transfer charges! Dealing with AWS data transfer costs can be a real headache...

So, regarding your situation, AWS-User-6176623, you're definitely on the right track with considering VPC endpoints. Good news is, VPC endpoints can indeed be used across AWS accounts. They offer a private connection between your VPC and other AWS services, which means you can transfer data between your primary and secondary accounts without going over the public internet.

Here's what you could do: Set up a VPC endpoint in your secondary account for Amazon S3, and then configure your primary account's EC2 instances to use that endpoint for sending data to the S3 bucket in the secondary account. This way, you'll avoid those data transfer charges and keep your traffic secure within the AWS network.

I've personally used VPC endpoints before, and they're pretty straightforward to set up. Just remember to configure the necessary route tables and security groups correctly.

Valer
answered 8 months ago
