
EC2 instances in a private subnet to access S3 but avoid internet exposure.

0

Dear Team,

Please help me with this task. Give me the instructions; I want to get more exposure.

You want EC2 instances in a private subnet to access S3 but avoid internet exposure.

Thanks, MahendraKumar V

2 Answers
0

If your buckets are in the same region as your EC2s, you can use an S3 Gateway Endpoint https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html

If you want to access buckets in another region, you will need to look at VPC Endpoints with VPC Peering to another region https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
0

Hello Mahendra,

You can achieve that through a VPC Endpoint. For that, follow these steps.

  • Create a VPC Endpoint by selecting S3 as service and choose the VPC which holds the private subnet.
  • Attach the VPC endpoint to Route table of your private subnet.
  • To ensure that only EC2 instances in your VPC can access the S3 bucket, update the S3 bucket policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::your-bucket-name/*"],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpc": "vpc-12345678910"
        }
      }
    }
  ]
}

By this process you can achieve access to S3 objects from a private EC2 instance.

References: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html

Thank you.

EXPERT
answered 9 months ago
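To see what the two answers above actually buy you, here is an added example (not code from the thread, AWS, or either answerer): a small IAM-style evaluator that applies the posted bucket policy, and a stricter Deny-based variant, to a request that arrives through the S3 gateway endpoint and to one that does not. The bucket name and VPC ID are the placeholders from the answer; the endpoint ID, the object key and the request contexts are constructed for the example. The evaluator only implements the pieces needed here (StringEquals/StringNotEquals, s3:* or exact action match, bucket and object ARN matching, explicit-deny-wins) and is not a substitute for IAM's real logic.

```python
"""Mini policy evaluator for the S3-over-VPC-endpoint bucket policy.

Added example, not from the re:Post thread or from AWS.  IDs below are
placeholders: BUCKET and VPC_ID come from the answer, VPCE_ID is made up.
"""
import json

BUCKET = "your-bucket-name"           # placeholder used in the answer
VPC_ID = "vpc-12345678910"            # placeholder used in the answer
VPCE_ID = "vpce-0123456789abcdef0"    # constructed placeholder endpoint ID
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
OBJ_ARN = f"{BUCKET_ARN}/data/report.csv"   # constructed object key

# Constructed request contexts.  Through a gateway endpoint S3 sees the
# aws:SourceVpc / aws:SourceVpce keys; a request from the internet (or via a
# NAT gateway) carries neither key.
VIA_ENDPOINT = {"aws:SourceVpc": VPC_ID, "aws:SourceVpce": VPCE_ID}
FROM_INTERNET = {}


def allow_only_from_vpc_policy(bucket: str, vpc_id: str) -> dict:
    """The Allow-with-condition policy posted in the answer (objects only)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringEquals": {"aws:SourceVpc": vpc_id}},
        }],
    }


def deny_unless_from_endpoint_policy(bucket: str, vpce_id: str) -> dict:
    """Stricter variant: explicitly deny any request not arriving via the endpoint.
    Covers the bucket ARN too, so bucket-level actions (ListBucket) are included."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def _condition_matches(cond: dict, ctx: dict) -> bool:
    """IAM missing-key rules: StringEquals on an absent key is false,
    StringNotEquals on an absent key is true.  Condition keys are case-insensitive."""
    ctx = {k.lower(): v for k, v in ctx.items()}
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key.lower())
            if op == "StringEquals" and have != want:
                return False
            if op == "StringNotEquals" and have == want:
                return False
            if op not in ("StringEquals", "StringNotEquals"):
                raise ValueError(f"unsupported operator {op}")
    return True


def _resource_matches(resources: list, resource_arn: str) -> bool:
    """Exact match for bucket ARNs, prefix match for 'bucket/*' object patterns."""
    for r in resources:
        if r.endswith("/*") and resource_arn.startswith(r[:-1]):
            return True
        if r == resource_arn:
            return True
    return False


def evaluate(policy: dict, action: str, resource_arn: str, ctx: dict,
             identity_allows: bool = False) -> str:
    """Simplified same-account S3 authorization: an applicable explicit Deny wins;
    otherwise an applicable Allow from the bucket policy or from the caller's own
    IAM policy (identity_allows) grants access; otherwise implicit deny."""
    allowed = identity_allows
    for stmt in policy["Statement"]:
        if stmt["Action"] not in ("s3:*", action):
            continue
        if not _resource_matches(stmt["Resource"], resource_arn):
            continue
        if not _condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "DENY"
        allowed = True
    return "ALLOW" if allowed else "DENY"


if __name__ == "__main__":
    posted = allow_only_from_vpc_policy(BUCKET, VPC_ID)
    print(json.dumps(posted, indent=2))
    print("GetObject via endpoint:", evaluate(posted, "s3:GetObject", OBJ_ARN, VIA_ENDPOINT))
    print("GetObject from internet, IAM user with s3:* in identity policy:",
          evaluate(posted, "s3:GetObject", OBJ_ARN, FROM_INTERNET, identity_allows=True))
    print("ListBucket via endpoint (bucket ARN not in Resource):",
          evaluate(posted, "s3:ListBucket", BUCKET_ARN, VIA_ENDPOINT))
```

Two things the run makes visible. First, the posted policy's `Resource` lists only `your-bucket-name/*`, so bucket-level calls such as `s3:ListBucket` are not granted by it; add the bare bucket ARN if the instances need to list. Second, an `Allow` with a condition only grants; it does not block a same-account principal whose own IAM policy already allows `s3:*` from reaching the bucket over the internet. If the requirement is "only from my VPC endpoint", the `Deny` ... `StringNotEquals aws:SourceVpce` form enforces that regardless of identity policies, which is why the stricter variant is included alongside.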
