First step: launch an EC2 instance within your VPC and try to access your S3 bucket:
[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:28--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.16.244
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.16.244|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2019-02-02 18:29:28 FEHLER 403: Forbidden.
Second step: change the bucket policy to this:
{
  "Version": "2012-10-17",
  "Id": "Policy1119991119999",
  "Statement": [
    {
      "Sid": "Access-to-specific-VPC-only",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "*",
      "Resource": [
        "arn:aws:s3:::my.webtest",
        "arn:aws:s3:::my.webtest/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:sourceVpc": "vpc-12e0cc74"
        }
      }
    }
  ]
}
Access to the bucket is still forbidden, so the next step is to add the VPC endpoint:
Go to VPC -> Endpoints:
And then choose the following:
(Here you have to select your route table ID!)
After that everything works as expected:
[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:51--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.53.66
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.53.66|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 130 [application/json]
In »»website.json.1«« speichern.

100%[===============================================================================================================>] 130  --.-K/s   in 0s

2019-02-02 18:29:51 (5,28 MB/s) - »»website.json.1«« gespeichert [130/130]
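Why the policy alone still returned 403: without a VPC endpoint the instance reaches S3 through the internet gateway, so the request context carries no aws:sourceVpc key and the StringEquals condition can never match; only once traffic goes through the endpoint is the key set to the VPC id. The Python below is an added illustration, not part of this post and not the AWS policy engine: a toy evaluator of just the policy above, run against constructed request contexts (the vpce id is a placeholder).

```python
import json

# The bucket policy from the post (VPC id as given on the page).
BUCKET_POLICY = json.loads("""
{ "Version": "2012-10-17",
  "Statement": [ { "Sid": "Access-to-specific-VPC-only",
    "Effect": "Allow", "Principal": "*", "Action": "*",
    "Resource": ["arn:aws:s3:::my.webtest", "arn:aws:s3:::my.webtest/*"],
    "Condition": { "StringEquals": { "aws:sourceVpc": "vpc-12e0cc74" } } } ] }
""")

def _glob(pattern, value):
    # Only "*" and a trailing "prefix*" are needed for this policy.
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value

def _conditions_met(condition, context):
    # IAM semantics this post relies on: a StringEquals key that is absent
    # from the request context never matches, so the statement does not apply.
    for key, expected in condition.get("StringEquals", {}).items():
        if context.get(key) != expected:
            return False
    return True

def evaluate(policy, action, resource, context):
    """Return "Allow" if a statement allows the request, otherwise "Deny"
    (the implicit deny that S3 reports as 403)."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(_glob(a, action) for a in actions):
            continue
        if not any(_glob(r, resource) for r in stmt["Resource"]):
            continue
        if not _conditions_met(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision

# Constructed request contexts (not real captures) for the two wget runs.
OBJECT = "arn:aws:s3:::my.webtest/website.json"
VIA_INTERNET_GATEWAY = {"aws:SourceIp": "203.0.113.10"}  # no endpoint: sourceVpc absent
VIA_VPC_ENDPOINT = {"aws:sourceVpc": "vpc-12e0cc74", "aws:sourceVpce": "vpce-PLACEHOLDER"}
```

Note that the policy is Allow-only with "Principal": "*", so any caller whose request arrives through that VPC's endpoint, including unauthenticated ones, is allowed every S3 action on the bucket; requests from other VPCs or from the internet fall to the implicit deny.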