-
EC2 in private subnet access to S3 bucket
updated 3 years, 9 months ago
2 Members
·
3
Posts
-
Sample QUESTION
An internal web application is hosted in a custom VPC with multiple private subnets only. Every EC2 instance that will be provisioned on this VPC will require access to an S3 bucket to pull configuration files as well as to push application logs.
Which of the following options is the most suitable solution to use in this scenario?
Store the IAM user and password in the application code to access the S3 bucket.
Use the AWS SDK for your application and issue the aws configure CLI command to store your access keys, which will be referred to by the SDK.
Create a VPC endpoint for S3.
Create an IAM Role and attach it to each EC2 instance.
The correct answer is “Create a VPC endpoint for S3.” Doesn’t the EC2 still require an IAM role to access the S3 bucket even if the VPC endpoint is created?
-
Hello Viqi,
You can actually access an S3 bucket even without using authentication as long you are using an endpoint to Amazon S3. You can accomplish this by configuring a bucket policy that allows access from the VPC endpoint.
Amazon gives a detailed steps for that, check it here:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/
Thank you.
Carlo @ TutorialsDojo
-
Thanks for the explanation.
Log in to reply.