2 answers
0
Block Public Access must be disabled to access objects by object URL.
Access only via VPC endpoints is possible if the following bucket policy is set.
However, it has not been verified whether access by object URL is possible with it.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowVPCe",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET-NAME",
        "arn:aws:s3:::BUCKET-NAME/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "VPC Endpoint ID"
        }
      }
    }
  ]
}
0
You only have to disable Block Public Access if you want to access your bucket as a static website (not recommended). Otherwise if you're accessing it via its REST interface (e.g. via the AWS CLI or API) then you just need the right credentials. As you said, an IAM Role allowing your EC2 instance to access S3 should be fine.
To use a VPC Gateway endpoint, you need an entry in your subnet route table directing an AWS-managed Prefix List to that gateway.
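The two checks a practitioner ends up doing by hand here, as an added example that is not part of either answer above: (1) working through whether the "AllowVPCe" bucket policy from the first answer grants a given request, and (2) confirming, as the second answer requires, that the subnet route table actually sends the S3 prefix list to the gateway endpoint. The evaluator covers only the IAM subset that policy uses (an Allow statement, Principal "*", action and resource wildcards, a StringEquals condition on aws:sourceVpce), and the bucket name, endpoint ID, prefix-list ID and route table are constructed sample values, not real resources.

```python
"""Offline walk-through of the VPC-endpoint bucket policy and the route-table
prerequisite. Added example; not code from the re:Post thread or from AWS.
All identifiers below are constructed placeholders."""
from fnmatch import fnmatchcase

SAMPLE_BUCKET = "example-bucket"            # constructed
SAMPLE_VPCE = "vpce-0123456789abcdef0"      # constructed, hypothetical endpoint ID
SAMPLE_PREFIX_LIST = "pl-0123456789abcdef0"  # constructed, hypothetical S3 prefix list ID


def build_vpce_policy(bucket: str, vpce_id: str) -> dict:
    """The bucket policy from the first answer, with the resource ARNs built
    programmatically so stray whitespace (as in the posted '::: BUCKET-NAME /*',
    which would never match a real object) cannot creep in."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowVPCe",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:Get*", "s3:List*"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def _matches_any(value: str, patterns) -> bool:
    # IAM's '*' matches any run of characters, including '/' and ':'; so does fnmatchcase's.
    pats = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatchcase(value, p) for p in pats)


def is_allowed(policy: dict, action: str, resource: str, context: dict) -> bool:
    """Evaluate the Allow-only subset used by the policy above.
    `context` carries the request's condition keys, e.g. {"aws:sourceVpce": "vpce-..."}.
    A request that lacks a key named in StringEquals fails the condition, which
    is exactly how an Internet-origin request (no aws:sourceVpce) is kept out."""
    ctx = {k.lower(): v for k, v in context.items()}  # IAM condition key names are case-insensitive
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Principal") != "*":
            continue
        if not _matches_any(action, stmt.get("Action", [])):
            continue
        if not _matches_any(resource, stmt.get("Resource", [])):
            continue
        conds = stmt.get("Condition", {}).get("StringEquals", {})
        if all(ctx.get(k.lower()) == v for k, v in conds.items()):
            return True
    return False


def has_s3_route(route_table: dict, prefix_list_id: str, vpce_id: str) -> bool:
    """True if the route table has an active route whose destination is the S3
    prefix list and whose target is the gateway endpoint. The dict shape follows
    the Routes entries returned by `aws ec2 describe-route-tables`."""
    return any(
        r.get("DestinationPrefixListId") == prefix_list_id
        and r.get("GatewayId") == vpce_id
        and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )


# Constructed route table: the VPC-local route plus the endpoint route.
SAMPLE_ROUTE_TABLE = {
    "RouteTableId": "rtb-0123456789abcdef0",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": SAMPLE_PREFIX_LIST, "GatewayId": SAMPLE_VPCE, "State": "active"},
    ],
}


def demo() -> dict:
    """Run the policy and route checks against the constructed inputs."""
    policy = build_vpce_policy(SAMPLE_BUCKET, SAMPLE_VPCE)
    obj = f"arn:aws:s3:::{SAMPLE_BUCKET}/report.csv"
    missing = {"Routes": SAMPLE_ROUTE_TABLE["Routes"][:1]}  # same table without the endpoint route
    return {
        "get_via_vpce": is_allowed(policy, "s3:GetObject", obj, {"aws:sourceVpce": SAMPLE_VPCE}),
        "get_via_internet": is_allowed(policy, "s3:GetObject", obj, {}),
        "get_via_other_vpce": is_allowed(policy, "s3:GetObject", obj, {"aws:sourceVpce": "vpce-other"}),
        "put_via_vpce": is_allowed(policy, "s3:PutObject", obj, {"aws:sourceVpce": SAMPLE_VPCE}),
        "route_present": has_s3_route(SAMPLE_ROUTE_TABLE, SAMPLE_PREFIX_LIST, SAMPLE_VPCE),
        "route_missing": has_s3_route(missing, SAMPLE_PREFIX_LIST, SAMPLE_VPCE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two caveats the evaluator makes visible: with `"Principal": "*"` the statement grants any caller that arrives through that endpoint, authenticated or not, so tighten Principal to the instance role's ARN if only that role should read; and a route-table check that fails means traffic to S3 leaves via NAT or an Internet gateway without the aws:sourceVpce key, so the policy denies it even though the endpoint exists.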
Thank you for your suggestion. As I understand it, if the bucket and EC2 are in the same account, only an IAM Role is needed to access the bucket. But now I have an S3 bucket with Block Public Access and got a Permission denied error when running s3 cp to copy an object from S3 to EC2. Normally, which solution do we use to get an object from S3 to EC2 if S3 blocks public access?
I think it is commonly done via VPC endpoints.