I have a VPC with a private subnet running an Amazon Linux 2 based EC2 instance. My goal is to access S3 buckets from my private instance. I have created an interface endpoint for S3 in that private subnet. A role to access S3 from EC2 was also created and attached to my private EC2 instance.
After creating the S3 interface endpoint, I received the URLs below:
- *.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com
- *.vpce-0baa882732078e037-k898xutp-eu-west-2b.s3.eu-west-2.vpce.amazonaws.com
I am not sure how to specify them in the AWS CLI after the --endpoint-url parameter. If I use them like
aws s3 ls --endpoint-url *.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com
it obviously throws an error, as below:
Bad value for --endpoint-url "*.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com": scheme is missing. Must be of the form http://<hostname>/ or https://<hostname>/
If I make it aws s3 ls --endpoint-url http://vpce-0f3a882732078e037-g4l8xutp.s3.eu-west-2.vpce.amazonaws.com
it results in a timeout error. If I use https instead of http, it displays the error below:
SSL validation failed for https://vpce-0f3a882732078e037-g4l8xutp.s3.eu-west-2.vpce.amazonaws.com/ hostname 'vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com' doesn't match either of 's3.eu-west-2.amazonaws.com', 'bucket.vpce-0baa889820078e037-k898xutp-eu-west-2a.s3.eu-west-2.vpce.amazonaws.com', '*.accesspoint.vpce-0baa889820078e037-k898xutp-eu-west-2b.s3.eu-west-2.vpce.amazonaws.com', '*.control.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com', '*.control.vpce-0baa889820078e037-k898xutp-eu-west-2b.s3.eu-west-2.vpce.amazonaws.com', '*.accesspoint.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com', '*.accesspoint.vpce-0baa889820078e037-k898xutp-eu-west-2a.s3.eu-west-2.vpce.amazonaws.com', '*.control.vpce-0baa889820078e037-k898xutp-eu-west-2a.s3.eu-west-2.vpce.amazonaws.com', '*.bucket.vpce-0baa889820078e037-k898xutp-eu-west-2a.s3.eu-west-2.vpce.amazonaws.com', 'bucket.vpce-0baa889820078e037-k898xutp-eu-west-2c.s3.eu-west-2.vpce.amazonaws.com', '*.bucket.vpce-0baa889820078e037-k898xutp-eu-west-2b.s3.eu-west-2.vpce.amazonaws.com', 'bucket.vpce-0baa889820078e037-k898xutp-eu-west-2b.s3.eu-west-2.vpce.amazonaws.com', '*.s3-control.eu-west-2.amazonaws.com', '*.s3.eu-west-2.amazonaws.com', '*.bucket.vpce-0baa889820078e037-k898xutp-eu-west-2c.s3.eu-west-2.vpce.amazonaws.com', '*.accesspoint.vpce-0baa889820078e037-k898xutp-eu-west-2c.s3.eu-west-2.vpce.amazonaws.com', '*.bucket.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com', '*.s3-accesspoint.eu-west-2.amazonaws.com', 'bucket.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com', '*.control.vpce-0baa889820078e037-k898xutp-eu-west-2c.s3.eu-west-2.vpce.amazonaws.com'
I am unable to understand how to consume it; I was watching a few videos where the demonstrator had just a plain URL without the wildcard (*) in the subdomain.
Need help please.
CodePudding user response:
This is what AWS says about it:
The following image shows the VPC console Details tab, where you can find the DNS name of a VPC endpoint. In this example, the VPC endpoint ID (vpce-id) is vpce-0e25b8cdd720f900e and the DNS name is *.vpce-0e25b8cdd720f900e-argc85vg.s3.us-east-1.vpce.amazonaws.com. Remember to replace * when using the DNS name. For example, to access a bucket, the DNS name would be bucket.vpce-0e25b8cdd720f900e-argc85vg.s3.us-east-1.vpce.amazonaws.com. You can also append the name of your bucket to the start of the URL. For example, if you wanted to access my-bucket the URL would be my-bucket.bucket.vpce-0e25b8cdd720f900e-argc85vg.s3.us-east-1.vpce.amazonaws.com.
CLI command: aws s3 --region us-east-1 --endpoint-url https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com ls s3://my-bucket/
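As an added illustration (not part of the question or the answer above): a small Python helper that derives the --endpoint-url value from the wildcard DNS name the VPC console shows, and checks the resulting hostname against certificate names using the one-label wildcard rule TLS clients apply. It shows why the bare vpce-... name matches nothing while bucket.vpce-... and my-bucket.bucket.vpce-... do; the endpoint name and the SAN list are constructed from the values quoted in the question.

```python
"""Derive an S3 interface-endpoint URL from the console's wildcard DNS name and
check it against the certificate names a TLS client would accept."""
from urllib.parse import urlsplit

# Constructed for this example: the '*.' name the VPC console shows for the endpoint
WILDCARD_DNS = "*.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com"

# Constructed subset of the subject alternative names quoted in the SSL error above
CERT_NAMES = [
    "s3.eu-west-2.amazonaws.com",
    "*.s3.eu-west-2.amazonaws.com",
    "bucket.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com",
    "*.bucket.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com",
    "*.accesspoint.vpce-0baa889820078e037-k898xutp.s3.eu-west-2.vpce.amazonaws.com",
]

def endpoint_url(wildcard_dns, service="bucket", bucket=None):
    """Replace the leading '*' with the S3 service label (bucket, accesspoint or
    control), optionally prefix a bucket name, and add the https scheme the CLI
    requires. Returns the value to pass to --endpoint-url."""
    if not wildcard_dns.startswith("*."):
        raise ValueError("expected the '*.vpce-...' form shown in the VPC console")
    host = f"{service}.{wildcard_dns[2:]}"
    if bucket:
        host = f"{bucket}.{host}"
    return f"https://{host}"

def san_matches(pattern, hostname):
    """Hostname check as TLS clients do it: a leading '*' stands for exactly one
    DNS label, so '*.x.example' covers 'a.x.example' but not 'x.example' or
    'a.b.x.example'; any other pattern must match exactly."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return pattern == hostname

def matching_names(url, cert_names=CERT_NAMES):
    """Return the certificate names that would accept the URL's hostname;
    an empty list means the CLI would report 'SSL validation failed'."""
    host = urlsplit(url).hostname
    return [name for name in cert_names if san_matches(name, host)]

if __name__ == "__main__":
    bare = "https://" + WILDCARD_DNS[2:]  # the '*' simply dropped, as in the question
    for url in (bare, endpoint_url(WILDCARD_DNS), endpoint_url(WILDCARD_DNS, bucket="my-bucket")):
        print(url, "->", matching_names(url) or "no matching certificate name")
```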