2 Answers
0
One possible solution would be to have Fargate tasks deployed in a VPC, and then configure an S3 endpoint in that VPC. This approach is detailed in the Fargate task networking documentation. You can also reference the Amazon ECR interface VPC endpoints (AWS PrivateLink) documentation.
Answered 2 years ago
0
- It is recommended to go to CloudTrail and see if you can identify the API call made by the ECS task and see which one is denied, and sometimes the CloudTrail entry will give you a more specific reason for the denial;
- Are you encrypting any S3 contents?
- Do you have any ACLs set?
- Lastly, you might know this and it might be your use case, but putting the CloudFront OAI in the policy effectively allows any random user to view, delete and update the files and even the bucket in your S3, which I rarely recommend.
Answered 2 years ago
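
The CloudTrail check suggested in the second answer can be scripted. This is an added example, not code from either answer: it filters exported CloudTrail records for denied calls made under one task role and reports the action, bucket, VPC endpoint and error message. The role ARN, bucket, endpoint ID and the records themselves are constructed placeholders, and S3 object-level calls such as GetObject appear in CloudTrail only when data events are enabled for the bucket.

```python
import json

# Constructed CloudTrail records for illustration; the account ID, role, bucket
# and endpoint ID are placeholders, not values from the original question.
ROLE = "arn:aws:iam::111122223333:role/example-task-role"

def _rec(source, name, error=None, message=None, params=None, role=ROLE, vpce=None):
    """Build one minimal constructed record using real CloudTrail field names."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole",
                            "sessionContext": {"sessionIssuer": {"arn": role}}},
           "requestParameters": params or {}}
    if error:
        rec["errorCode"], rec["errorMessage"] = error, message
    if vpce:
        rec["vpcEndpointId"] = vpce
    return rec

SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("s3.amazonaws.com", "ListObjects", params={"bucketName": "example-bucket"}),
    _rec("s3.amazonaws.com", "GetObject", "AccessDenied", "Access Denied",
         {"bucketName": "example-bucket", "key": "data/a.csv"}, vpce="vpce-0example"),
    _rec("kms.amazonaws.com", "Decrypt", "AccessDenied",
         "constructed message: role is not authorized to perform kms:Decrypt"),
    _rec("s3.amazonaws.com", "GetObject", "AccessDenied", "Access Denied",
         {"bucketName": "example-bucket"},
         role="arn:aws:iam::111122223333:role/other-role"),
]})

def denied_calls(trail_json, task_role_arn):
    """Return the denied API calls made under the given task role."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        code = rec.get("errorCode", "")
        # Heuristic: denial codes vary by service (AccessDenied, UnauthorizedOperation, ...)
        if "AccessDenied" not in code and "Unauthorized" not in code:
            continue
        issuer = (rec.get("userIdentity", {}).get("sessionContext", {})
                  .get("sessionIssuer", {}).get("arn"))
        if issuer != task_role_arn:
            continue  # denial belongs to a different principal
        params = rec.get("requestParameters") or {}  # may be null in real records
        findings.append({
            "action": rec["eventSource"].split(".")[0] + ":" + rec["eventName"],
            "bucket": params.get("bucketName"),
            "via_vpc_endpoint": rec.get("vpcEndpointId"),
            "reason": rec.get("errorMessage"),
        })
    return findings
```

A denied `kms:Decrypt` next to a denied `s3:GetObject` points at the encryption question raised in the same answer, and a populated `via_vpc_endpoint` shows the request went through the VPC endpoint, so the endpoint policy is one more place to check.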