Force private connection to S3 bucket over direct connect

Time:08-26

Premise: my organization has a direct connect connection to AWS.

I have created an S3 bucket, and I want to limit connectivity to it so that users can only connect to it via the direct connection (so to prohibit any access from outside our network).

Is this possible?

CodePudding user response:

Yes, it's possible. You have to create a VPC interface endpoint for S3 in the desired subnet(s), and then you can use the --region and --endpoint-url flags in CLI commands, e.g.:

$ aws s3 ls s3://mybucket --region eu-west-2 --endpoint-url https://bucket.vpce-001760f0be22cd4e2-3ew5rhyv.s3.eu-west-2.vpce.amazonaws.com

This blog walks you through this step by step.

You can combine this with a bucket policy that prohibits any traffic coming from outside the VPC endpoint for further security.
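The bucket policy mentioned above, written out as an added example (not part of the original answer): it denies every S3 action on the bucket unless the request arrived through the interface endpoint from the answer, and exempts a break-glass admin role so the Deny cannot lock the account out of its own bucket. The account id 111122223333 and the role name S3BreakGlassAdmin are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessViaVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::mybucket",
        "arn:aws:s3:::mybucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-001760f0be22cd4e2"
        },
        "ArnNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/S3BreakGlassAdmin"
        }
      }
    }
  ]
}
```

Both condition keys must match for the Deny to apply, so a request from the public internet (where aws:SourceVpce is absent) is refused unless it comes from the break-glass role; apply it with `aws s3api put-bucket-policy --bucket mybucket --policy file://policy.json` and verify by repeating the `aws s3 ls` call once over the endpoint URL and once without it.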
