S3 Interface Endpoint from On-Prem Access Denied
Hello,
We have an S3 endpoint (interface type) created in the eu-west-1 region.
We are trying to write to the buckets using the DNS created in eu-west-1 from our on-premise location connected via Direct Connect.
DNS: *.vpce-1234567890-abcd2zc.s3.eu-west-1.vpce.amazonaws.com
I have given the following permissions in the bucket policy to write to these buckets, but when we try to upload/write to this bucket, we still get an Access Denied error as below.
```
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:PutObjectAcl",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket-name>/*",
        "arn:aws:s3:::<bucket-name>"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:PutObjectAcl",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket-name>/*",
        "arn:aws:s3:::<bucket-name>"
      ]
    }
  ]
}
```
```
OTErrWrnLn||ERROR||-1||SERVICE||GBS3||<Bucket_Name> Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 0QWNYWPJZY14EGRC; S3 Extended Request ID: sXic/CHy/OU5oakn7MBb6UESIbggdr9IxaILUiVuGMeUu7iZTUpIUpLeIUieNs82g6jXdBdQ3sU=)||-1||-1||-1|| Access Denied
```
I would like to know what permission is required to write to this bucket from on-premise please. Or any other steps or configuration I need to apply please.
When I run nslookup on the S3 endpoint from the on-prem server, it resolves to a private IP.
BTW, it works when I enable Allow Public Access.
Thank you
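
An added example, not part of the original post: a small Python check that flags `Allow` statements granting access to a wildcard principal with no fixed `aws:SourceVpce` or `aws:SourceVpc` condition, which is the kind of statement S3 Block Public Access classifies as public. The function names, the reduced set of condition keys, and the `<vpce-id>` placeholder are assumptions of this example; the sample policies are constructed from the one in the post.

```python
# Simplified subset of condition keys that scope a wildcard principal
# (assumption for this example, not the full S3 evaluation logic).
SCOPING_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}

def is_wildcard(principal):
    """True for "Principal": "*" and "Principal": {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def is_scoped(condition):
    """True if StringEquals pins a scoping key to fixed (non-wildcard) values."""
    for op, keys in (condition or {}).items():
        if op != "StringEquals":
            continue
        for key, values in keys.items():
            values = [values] if isinstance(values, str) else values
            fixed = all("*" not in v and "${" not in v for v in values)
            if key.lower() in SCOPING_KEYS and values and fixed:
                return True
    return False

def unscoped_statements(policy):
    """Indexes of Allow statements open to any principal with no scoping condition."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [i for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow"
            and is_wildcard(s.get("Principal"))
            and not is_scoped(s.get("Condition"))]

# Constructed samples; "<bucket-name>" and "<vpce-id>" are placeholders.
ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:PutObjectAcl", "s3:ListBucket"]
RESOURCES = ["arn:aws:s3:::<bucket-name>/*", "arn:aws:s3:::<bucket-name>"]
POSTED = {"Version": "2008-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ACTIONS, "Resource": RESOURCES},
    {"Effect": "Allow", "Principal": "*", "Action": ACTIONS, "Resource": RESOURCES},
]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ACTIONS, "Resource": RESOURCES,
     "Condition": {"StringEquals": {"aws:SourceVpce": "<vpce-id>"}}},
]}

if __name__ == "__main__":
    print("posted policy, unscoped statements:", unscoped_statements(POSTED))
    print("scoped policy, unscoped statements:", unscoped_statements(SCOPED))
```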