First step: launch an EC2 instance within your VPC and try to access your S3 bucket:
[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:28--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.16.244
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.16.244|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2019-02-02 18:29:28 FEHLER 403: Forbidden.
Second step: change the bucket policy to this:
{
    "Version": "2012-10-17",
    "Id": "Policy1119991119999",
    "Statement": [
        {
            "Sid": "Access-to-specific-VPC-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::my.webtest",
                "arn:aws:s3:::my.webtest/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "vpc-12e0cc74"
                }
            }
        }
    ]
}
Access to the bucket is still forbidden. The reason is that the aws:sourceVpc condition key is only present on requests that reach S3 through a VPC endpoint; without one, the instance still talks to S3 over the internet, the key is missing, and the StringEquals condition never matches. So the next step is to add the endpoint: go to VPC -> Endpoints:
And then choose the following:
(Here you have to select your route table ID!!!)
After that everything works as expected:
[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:51--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.53.66
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.53.66|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 130 [application/json]
In »»website.json.1«« speichern.

100%[===============================================================================================================>] 130  --.-K/s  in 0s

2019-02-02 18:29:51 (5,28 MB/s) - »»website.json.1«« gespeichert [130/130]
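To make the three situations above (bucket policy without endpoint, with endpoint, and a request from somewhere else) reproducible offline, here is an added example that is not code from the post: a deliberately small model of the IAM condition logic the post depends on. It is not the real AWS policy engine; it only models Allow/Deny statements with StringEquals / StringNotEquals conditions and the "explicit Deny wins" rule. The VPC id and bucket name are the post's; the request contexts, the second VPC id and the `identity_allows` flag (standing in for a same-account IAM principal whose own identity policy already grants the action) are constructed for the demo. It also builds a variant of the post's policy with an explicit Deny, which is what stops such a same-account caller that bypasses the endpoint.

```python
"""Model of the bucket-policy condition logic used in the post (added example,
not the post's code). Not the AWS policy engine: only StringEquals /
StringNotEquals conditions and the explicit-Deny-wins rule are modelled."""
import json
from fnmatch import fnmatchcase

VPC_ID = "vpc-12e0cc74"   # from the post
BUCKET = "my.webtest"     # from the post
RESOURCES = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]


def bucket_policy(vpc_id: str, explicit_deny: bool = False) -> dict:
    """Build the post's policy; optionally add an explicit Deny statement.
    The post's Allow uses Action "*", which is broader than the s3:GetObject
    a static website needs; it is kept here so the model matches the post."""
    statements = [{
        "Sid": "Access-to-specific-VPC-only",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "*",
        "Resource": RESOURCES,
        "Condition": {"StringEquals": {"aws:sourceVpc": vpc_id}},
    }]
    if explicit_deny:
        statements.append({
            "Sid": "Deny-requests-not-from-the-VPC",   # constructed Sid
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": RESOURCES,
            "Condition": {"StringNotEquals": {"aws:sourceVpc": vpc_id}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_ok(condition: dict, context: dict) -> bool:
    """IAM rule that matters here: for StringEquals a missing context key never
    matches; for the negated StringNotEquals a missing key always matches.
    A request that does not go through a VPC endpoint carries no
    aws:sourceVpc key at all, so it fails the Allow and hits the Deny."""
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"operator {operator} is not modelled")
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "StringNotEquals" and actual == expected:
                return False
    return True


def evaluate(policy: dict, action: str, resource: str, context: dict,
             identity_allows: bool = False) -> str:
    """Decide one request. identity_allows models a same-account IAM principal
    whose identity policy already grants the action: such a caller is only
    stopped by an explicit Deny in the bucket policy, never by its absence."""
    bucket_allows = False
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_ok(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # explicit Deny always wins
        bucket_allows = True
    return "Allow" if (bucket_allows or identity_allows) else "Deny"


def demo() -> dict:
    """Run the post's situations against both policy variants."""
    obj = f"arn:aws:s3:::{BUCKET}/website.json"
    # Constructed request contexts: S3 only sees aws:sourceVpc when the
    # request arrives through a VPC endpoint (the post's third step).
    contexts = {
        "via_endpoint": {"aws:sourceVpc": VPC_ID},
        "no_endpoint": {},                                   # post's second step
        "other_vpc": {"aws:sourceVpc": "vpc-0000example"},   # constructed id
    }
    results = {}
    for name, pol in (("allow_only", bucket_policy(VPC_ID)),
                      ("allow_plus_deny", bucket_policy(VPC_ID, True))):
        results[name] = {ctx: evaluate(pol, "s3:GetObject", obj, c)
                         for ctx, c in contexts.items()}
        # same-account IAM user reaching S3 over the internet, no endpoint
        results[name]["iam_user_no_endpoint"] = evaluate(
            pol, "s3:GetObject", obj, {}, identity_allows=True)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the post's sequence: with the Allow-only policy the request without an endpoint is denied (no `aws:sourceVpc` key, so StringEquals fails), the request through the endpoint is allowed, and a request tagged with a different VPC is denied. The `iam_user_no_endpoint` row is the difference between the two variants: the Allow-only policy leaves a same-account IAM principal with its own S3 permissions able to read the bucket from outside the VPC, while the variant with the explicit StringNotEquals Deny closes that path.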