如何配置通过 VPC 从 aws ec2 实例访问我的 aws s3 存储桶
[英]How to configure access to my aws s3 bucket from aws ec2 instance via VPC
问题描述
I have installed nginx with kaltura-nginx-vod module on EC2.
我已经在 EC2 上安装了带有 kaltura-nginx-vod 模块的 nginx。 I would like to set up private remote read-only mode to my s3 bucket via http.我想通过 http 为我的 s3 存储桶设置私有远程只读模式。 Example of the desired nginx configuration:所需的 nginx 配置示例:
vod_upstream_location /s3;
location /s3/ {
internal;
proxy_pass http://my-s3-bucket.s3-eu-east-1.amazonaws.com/;
}
I tried to create Access Point to my s3.我试图为我的 s3 创建接入点。 In the settings I had pointed Access option to my VPC, but cURL returned 403 from EC2 when I tried to get some object from s3 by http url. In the settings I had pointed Access option to my VPC, but cURL returned 403 from EC2 when I tried to get some object from s3 by http url. Also I had created IAM role with read-only S3 access and assign to my EC2, but result was same - 403.我还创建了具有只读 S3 访问权限的 IAM 角色并分配给我的 EC2,但结果相同 - 403。
How to set up private http-access from EC2 to s3 bucket via virtual private amazon network in same region?如何通过同一区域的虚拟私有亚马逊网络设置从 EC2 到 s3 存储桶的私有 http 访问?
1 个解决方案
解决方案1
1 2020-12-07 09:09:07
This does not work because you can't access objects based on their URL, unless they are public.这不起作用,因为您无法访问基于其 URL 的对象,除非它们是公共的。 Since you've assigned IAM role to the EC2 instance you have to make signed http request to the object using the object's url with EC2 instance role credentials.由于您已将 IAM 角色分配给 EC2 实例,因此您必须使用对象的 url 和 EC2 实例角色凭证向 object 发出签名的 http 请求。
So either have to construct the valid signature yourself, or simply use AWS SDK , such as boto3 for python, to do this for you.因此,要么必须自己构建有效签名,要么只需使用AWS SDK ,例如boto3的 boto3 来为您执行此操作。 By looking at the kaltura-nginx-vod description it does not seem to be making any signed requests to S3 on your behalf.通过查看kaltura-nginx-vod描述,它似乎没有代表您向 S3 发出任何签名请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.