Create VPC Endpoint for s3-website, not s3-CodePudding

I have a public s3 static website, and I want to hide the public default URL so that it's only viewable via my own reverse-proxy using a VPC endpoint.

It's currently working right now using the URL for standard bucket access: my-bucket.bucket.vpce-xxxxxxxxxx.s3.us-east-2.vpce.amazonaws.com, however this is allowing directory browsing publicly.

Is it possible to create an endpoint for the s3-website version instead of s3 so that directories will route to index.html? There is absolutely nothing in the AWS docs that I can find referring to s3-website endpoints, just standard s3 endpoints.

CodePudding user response：

No, there is no such thing as "s3-website" VPC endpoint.

The following method only works for gateway VPC endpoint for S3

You can attach the following bucket policy to your bucket which has static website hosting enabled,

{
   "Version": "2012-10-17",
   "Id": "Policy1415115909152",
   "Statement": [
     {
       "Sid": "Access-to-specific-VPCE-only",
       "Principal": "*",
       "Action": "s3:GetObject",
       "Effect": "Allow",
       "Resource": "arn:aws:s3:::awsexamplebucket1/*",
       "Condition": {
         "StringEquals": {
           "aws:SourceVpce": "vpce-1a2b3c4d"
         }
       }
     }
   ]
}

then use the bucket website endpoint (e.g. In us-east-1, http://xxx.s3-website-us-east-1.amazonaws.com) to visit your website. Now, internet traffic will be blocked and you can use the VPC endpoint for S3 to access your website privately. Cheers!