S3 endpoint doesn't work

0

I have logged into my private EC2 from a public EC2 in my custom VPC.

I am not using any NAT Gateway, but an endpoint, to create and access the S3 bucket.

I am able to run "aws configure" on my private EC2, but when I try to create a bucket after a successful login it doesn't work.

aws s3 ls

aws s3 mb s3://helllloooohh

The above commands don't work.

I have configured the S3 endpoint in a proper way and assigned the private route table, but no luck creating or looking up buckets. [Screenshots attached]

Rish
Asked 1 month ago, 142 views
23 answers
1

Hello.

Have you reviewed the considerations listed in the documentation below?
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#gateway-endpoint-considerations-s3

For example, are DNS resolution and DNS hostname enabled in the VPC?
If you do not enable this, name resolution will not be possible and you will not be able to access S3.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating

Expert
Answered 1 month ago
Reviewed by an Expert 1 month ago
  • Enabling DNS didn't work; I am attaching screenshots

0
Accepted answer

Hi, I gave this a bit more thought and I believe I know what's going on. You're not specifying a region to your AWS CLI commands, which means that any S3 command will first be directed to us-east-1 in order to find out what region the bucket is in. However, as you're in a private subnet with only access to the eu-west-1 S3 service via the VPC endpoint, this won't work.

Best practice when using S3 is to always specify the region to remove that dependency on us-east-1. So I believe if you set the region in "aws configure", or ran "aws s3 ls --region eu-west-1", it should work.

Steve

Expert
Answered 1 month ago
Reviewed by an AWS Expert 1 month ago
  • You are a genius
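
The region dependency Steve describes, as an added example that is not part of the thread or of any AWS tooling: a small Python diagnostic that reproduces the AWS CLI's region lookup order (the --region flag, then AWS_REGION, then AWS_DEFAULT_REGION, then the profile's region in ~/.aws/config), derives which S3 hostname the CLI would contact, and checks a route table (in the shape of `aws ec2 describe-route-tables` output) for an active route to a gateway endpoint. The two config texts, the route-table JSON, the endpoint id `vpce-0123456789abcdef0` and the prefix list `pl-0EXAMPLE` are constructed sample inputs, not values from the thread.

```python
import configparser
from typing import Dict, List, Optional

# Constructed sample ~/.aws/config contents (not from the thread): one profile
# with no region, one with the VPC's region set.
CONFIG_NO_REGION = """
[default]
output = json
"""

CONFIG_WITH_REGION = """
[default]
region = eu-west-1
output = json
"""

# Constructed excerpts in the shape of `aws ec2 describe-route-tables` output.
# The endpoint id and prefix-list id are placeholders, not real resources.
ROUTE_TABLE_WITH_ENDPOINT = {
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": "pl-0EXAMPLE", "GatewayId": "vpce-0123456789abcdef0",
         "State": "active"},
    ]
}
ROUTE_TABLE_LOCAL_ONLY = {
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    ]
}


def effective_region(cli_flag: Optional[str], env: Dict[str, str],
                     config_text: str, profile: str = "default") -> Optional[str]:
    """Region the AWS CLI would use: --region, then AWS_REGION, then
    AWS_DEFAULT_REGION, then the profile's region in ~/.aws/config."""
    if cli_flag:
        return cli_flag
    for var in ("AWS_REGION", "AWS_DEFAULT_REGION"):
        if env.get(var):
            return env[var]
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    # Non-default profiles live in "[profile <name>]" sections in ~/.aws/config.
    section = "default" if profile == "default" else f"profile {profile}"
    if parser.has_option(section, "region"):
        return parser.get(section, "region")
    return None


def s3_host(region: Optional[str]) -> str:
    """Hostname the CLI contacts: the regional S3 endpoint when a region is
    known, otherwise the global endpoint, which is served from us-east-1."""
    return f"s3.{region}.amazonaws.com" if region else "s3.amazonaws.com"


def gateway_route_present(route_table: dict) -> bool:
    """True if the route table has an active route whose target is a VPC
    endpoint (vpce-...) for a managed prefix list (pl-...), which is how a
    gateway endpoint for S3 shows up in a subnet's route table."""
    for route in route_table.get("Routes", []):
        if (route.get("State") == "active"
                and route.get("GatewayId", "").startswith("vpce-")
                and route.get("DestinationPrefixListId", "").startswith("pl-")):
            return True
    return False


def diagnose(cli_flag: Optional[str], env: Dict[str, str], config_text: str,
             route_table: dict, vpc_region: str) -> dict:
    """Combine the region lookup and the route check into a list of findings."""
    region = effective_region(cli_flag, env, config_text)
    findings: List[str] = []
    if region is None:
        findings.append("no region configured: the CLI defaults to us-east-1 and the global "
                        f"endpoint, which a gateway endpoint in {vpc_region} does not serve")
    elif region != vpc_region:
        findings.append(f"region {region} differs from the VPC region {vpc_region}; "
                        "a gateway endpoint only covers S3 in its own region")
    if not gateway_route_present(route_table):
        findings.append("no active route to a gateway endpoint prefix list in the route table")
    return {"region": region, "host": s3_host(region), "ok": not findings, "findings": findings}


if __name__ == "__main__":
    for label, cfg in (("no region", CONFIG_NO_REGION), ("region set", CONFIG_WITH_REGION)):
        result = diagnose(None, {}, cfg, ROUTE_TABLE_WITH_ENDPOINT, "eu-west-1")
        print(f"{label}: host={result['host']} ok={result['ok']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run as-is, the "no region" case reports that traffic would go to s3.amazonaws.com, which the VPC's gateway endpoint does not cover, while the "region set" case resolves to s3.eu-west-1.amazonaws.com and passes; the same check with ROUTE_TABLE_LOCAL_ONLY adds a second finding for the missing endpoint route, which is the condition Sivaraman's answer asks about.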

0

Hello,

The security group associated with the private EC2 instance should allow outbound HTTPS (port 443) traffic, and make sure the route table has an associated route to a Gateway endpoint for S3.

Ensure that the IAM role attached to your private EC2 instance has the necessary permissions for S3 actions (s3:CreateBucket, etc.) and if you have set a policy on the VPC endpoint, ensure that it allows the necessary S3 actions.

For more information: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#create-gateway-endpoint-s3

Expert
Answered 1 month ago
Reviewed by an AWS Expert 1 month ago
  • Thanks Sivaraman,

    I tried, but nothing worked.

    My new answer has all the photos.

0

How are your network ACLs set for that subnet? Allowing all traffic or at least HTTPS outbound and ephemeral ports inbound?

Expert
Answered 1 month ago
  • ACLs are default for both public and private instances; SGs have all traffic allowed for inbound and outbound.

0

I tried everything, but no luck:

  1. All traffic allowed from the private instance
  2. Created an IAM role (photo attached)
  3. Route table for the endpoint

Attached are the photos. [Screenshots attached]

Rish
Answered 1 month ago
0

[Screenshots attached; not reproduced]

Rish
Answered 1 month ago
0

[Screenshots attached; not reproduced]

Rish
Answered 1 month ago
0

As per the screenshots, ACLs don't have issues.

Security groups have all traffic allowed.

The endpoint has the correct route table, and the private EC2 has a role for full S3 access.

Routing is fine too, but I cannot create or access S3.

Any help will be appreciated.

Rish
Answered 1 month ago
0

[Screenshots attached; not reproduced]

Rish
Answered 1 month ago
0

Thanks everyone for assisting me with this.

Rish
Answered 1 month ago
