By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

URLs to whitelist for AWS S3 API endpoints

0

Hello, we are using IAM role for uploading to S3 buckets using AWS API. Our security team has those urls blocked. We need to provide them a list of all endpoints that boto3 client sdk would be hitting. Is there any list available ?

Thanks

Topics
StorageSecurity, Identity, & ComplianceServerlessFront-End Web & MobileNetworking & Content DeliveryCompute
Tags
Amazon Simple Storage ServiceSecurity, Identity, & ComplianceAmazon API GatewayAmazon EC2
Language
English
clouder
asked 10 months ago848 views
2 Answers
1

Hi clouder

I believe you can ask your security team to enable the S3 service endpoints mentioned here -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAPI.html https://docs.aws.amazon.com/general/latest/gr/s3.html

Another option would be to create S3 access points which would provide you with a dedicated access point for a relevant bucket -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html

From a security perspective, this might be a better option as then you only have to enable the URLs for the buckets in your environment.

profile picture
Bisina
answered 10 months ago
profile picture
EXPERT
Gary Mclean
reviewed 10 months ago
  • Gary Mclean EXPERT
    10 months ago

    Good Idea on the access point.

0

I believe you need the AWS service endpoint URLs.

This page should assist you here https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints

Also a blog post using ssm https://aws.amazon.com/blogs/aws/new-query-for-aws-regions-endpoints-and-more-using-aws-systems-manager-parameter-store/

There are quite a few :-)

profile picture
EXPERT
Gary Mclean
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content