2 Answers
0
One possible solution would be to have Fargate tasks deployed in a VPC, and then configure an S3 endpoint in that VPC. This approach is detailed in the Fargate task networking documentation. You can also reference the Amazon ECR interface VPC endpoints (AWS PrivateLink) documentation.
answered 2 years ago
0
- It is recommended to go to CloudTrail and see if you can identify the API call made by the ECS task and see which one is denied; sometimes the CloudTrail entry will give you a more specific reason for the denial;
- Are you encrypting any S3 contents?
- Do you have any ACLs set?
- Lastly, you might know this and it might be your use case, but putting the CloudFront OAI in the policy effectively allows any random user to view, delete and update the files and even the bucket in your S3, which I rarely recommend.
answered 2 years ago
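One way to run the CloudTrail check suggested in the answer above, as an added example that is not part of the original answers: it filters CloudTrail records for denied calls made under a task role and surfaces the error message. The records, the account id, the role name `example-task-role` and the bucket are constructed; S3 object-level calls only appear in CloudTrail when data events are enabled on the trail.

```python
import json

# Constructed CloudTrail records (not from the original thread). The account id,
# role names and bucket "example-bucket" are placeholders.
def _rec(time, source, name, role, error=None, params=None):
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole", "arn":
               f"arn:aws:sts::111122223333:assumed-role/{role}/session"},
           "requestParameters": params}
    if error:
        rec["errorCode"], rec["errorMessage"] = error
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-01T10:00:01Z", "s3.amazonaws.com", "ListObjects",
         "example-task-role", params={"bucketName": "example-bucket"}),
    _rec("2024-01-01T10:00:05Z", "s3.amazonaws.com", "GetObject",
         "example-task-role", ("AccessDenied", "Access Denied"),
         {"bucketName": "example-bucket", "key": "config/app.json"}),
    _rec("2024-01-01T10:00:06Z", "kms.amazonaws.com", "Decrypt",
         "example-task-role",
         ("AccessDenied", "constructed: not authorized to perform kms:Decrypt")),
    _rec("2024-01-01T10:00:09Z", "s3.amazonaws.com", "PutObject",
         "other-role", ("AccessDenied", "Access Denied"),
         {"bucketName": "example-bucket", "key": "x"}),
]})

def denied_calls(log_text, role_name):
    """Return denied API calls made under the given IAM role, oldest first."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        code = rec.get("errorCode", "")
        if not (code.startswith("AccessDenied") or "Unauthorized" in code):
            continue  # successful call or an unrelated error
        arn = rec.get("userIdentity", {}).get("arn", "")
        if f":assumed-role/{role_name}/" not in arn:
            continue  # denied, but for a different principal
        params = rec.get("requestParameters") or {}  # may be null in CloudTrail
        hits.append({"time": rec["eventTime"],
                     "call": f'{rec["eventSource"]}:{rec["eventName"]}',
                     "bucket": params.get("bucketName"),
                     "reason": rec.get("errorMessage")})
    return sorted(hits, key=lambda h: h["time"])

if __name__ == "__main__":
    for hit in denied_calls(SAMPLE_LOG, "example-task-role"):
        print(hit)
```

A denied `kms:Decrypt` next to the S3 denial, as in the sample, points at the bucket encryption key rather than the bucket policy.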