Member, July 8, 2020 at 3:38 am
An internal web application is hosted in a custom VPC with multiple private subnets only. Every EC2 instance that will be provisioned on this VPC will require access to an S3 bucket to pull configuration files as well as to push application logs.
Which of the following options is the most suitable solution to use in this scenario?
Store the IAM user and password in the application code to access the S3 bucket.
Use the AWS SDK for your application and issue the aws configure CLI command to store your access keys, which will be referred to by the SDK.
Create a VPC endpoint for S3.
Create an IAM Role and attach it to each EC2 instance.
The correct answer is “Create a VPC endpoint for S3.” Doesn’t the EC2 still require an IAM role to access the S3 bucket even if the VPC endpoint is created?
Member, July 8, 2020 at 1:31 pm
You can actually access an S3 bucket even without using authentication as long you are using an endpoint to Amazon S3. You can accomplish this by configuring a bucket policy that allows access from the VPC endpoint.
Amazon gives detailed steps for that; check it here:
Carlo @ TutorialsDojo
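As an added example (not code from this thread or from Tutorials Dojo), here is the shape of a bucket policy that admits requests only when they arrive through one specific S3 VPC endpoint, using the `aws:sourceVpce` condition key, together with a deliberately simplified offline evaluator (exact and trailing-`*` matching, `StringEquals`/`StringNotEquals` only) so you can see which requests the policy admits and which it refuses. The bucket name and endpoint id are constructed placeholders; the evaluator mirrors only the IAM rules relevant here (explicit Deny wins, a missing key satisfies `StringNotEquals`, default deny).

```python
BUCKET = "example-config-bucket"       # constructed placeholder
VPCE_ID = "vpce-0123456789abcdef0"     # constructed placeholder


def build_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Policy that lets any caller read/write objects, but only via the given endpoint.
    Without the Condition blocks, Principal "*" would make the bucket public."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Allow object access, but only when the request came through the endpoint
                "Sid": "AllowOnlyFromVpcEndpoint", "Effect": "Allow", "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject"], "Resource": f"{arn}/*",
                "Condition": {"StringEquals": {"aws:sourceVpce": vpce_id}},
            },
            {   # Explicitly deny every request that did NOT come through the endpoint
                "Sid": "DenyEverythingElse", "Effect": "Deny", "Principal": "*",
                "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
                "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
            },
        ],
    }


def _glob(pattern: str, value: str) -> bool:
    """Exact match or trailing-wildcard prefix match (the only forms used above)."""
    return value == pattern or (pattern.endswith("*") and value.startswith(pattern[:-1]))


def _applies(stmt: dict, action: str, resource: str, ctx: dict) -> bool:
    """Does this statement apply to the request described by action/resource/context?"""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
    if not any(_glob(a, action) for a in actions) or not any(_glob(r, resource) for r in resources):
        return False
    for op, pairs in stmt.get("Condition", {}).items():
        for key, want in pairs.items():
            have = ctx.get(key)  # None when the key is absent, e.g. a request over the internet
            if op == "StringEquals" and have != want:
                return False
            if op == "StringNotEquals" and have == want:
                return False
    return True


def is_allowed(policy: dict, action: str, resource: str, ctx: dict) -> bool:
    """Simplified evaluation: an applicable Deny wins, else an applicable Allow is needed."""
    hits = [s for s in policy["Statement"] if _applies(s, action, resource, ctx)]
    return not any(s["Effect"] == "Deny" for s in hits) and any(s["Effect"] == "Allow" for s in hits)
```

A request that reaches S3 over the internet carries no `aws:sourceVpce` key, so the Deny statement applies to it and the object stays unreachable; a request through a different endpoint is refused the same way.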
Member, July 9, 2020 at 12:20 am
Thanks for the explanation.