I am facing this issue where the S3 buckets on, say, Account A are accessible from external IPs (like my laptop), but not from an EC2 instance of another Account B.
I have granted full S3 access to the keys I am using from the laptop and the EC2 instance. Are there any IP-level permissions that need to be granted specifically for EC2 instances?
Attached S3 IAM policy for the user:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
PS: I am aware of cross account access permissions, but the thing is I want the EC2 instance to be treated like "just another request" from a public IP.
The issue was we had a VPC endpoint set up which had restrictions on bucket access. Adding permissions to access the Account A buckets as a new statement in the VPC endpoint policy fixed the issue.
Example:
{
    "Sid": "StmtXXXXX",
    "Effect": "Allow",
    "Principal": {
        "AWS": "XXXXXX"
    },
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::*"
}
(Replace "XXXXXX" with the ARN of the IAM user in Account A whose keys are being used.)
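Added example, not part of the question or the answer: a small offline model of why the two paths behave differently. The laptop reaches S3 over the internet, so only the IAM and bucket policies apply; the EC2 instance inside Account B's VPC is routed through the S3 gateway endpoint, so the endpoint policy must also allow the request. Account ids, bucket names and the user ARN below are constructed placeholders, and the evaluator deliberately ignores policy conditions.

```python
import copy
import fnmatch

# Constructed sample: before the fix, Account B's gateway endpoint policy only lets
# Account B principals reach Account B's own bucket (all ids/names are placeholders).
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AccountBOnly", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::account-b-bucket", "arn:aws:s3:::account-b-bucket/*"],
    }],
}
# The statement the answer adds, with a placeholder ARN for the Account A IAM user.
ACCOUNT_A_USER = "arn:aws:iam::111111111111:user/account-a-user"
FIXED_POLICY = copy.deepcopy(ORIGINAL_POLICY)
FIXED_POLICY["Statement"].append({
    "Sid": "AllowAccountAUser", "Effect": "Allow",
    "Principal": {"AWS": ACCOUNT_A_USER},
    "Action": "s3:*", "Resource": "arn:aws:s3:::*",
})

def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?') against one pattern or a list."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _principal_matches(principal, arn):
    return principal == "*" or _matches(principal.get("AWS", []), arn)

def endpoint_allows(policy, principal_arn, action, resource):
    """Simplified endpoint-policy evaluation: an explicit Deny wins, otherwise some
    Allow statement must match. Conditions and NotPrincipal/NotAction are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if not (_principal_matches(stmt.get("Principal", {}), principal_arn)
                and _matches(stmt["Action"], action)
                and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def request_allowed(via_endpoint, policy, principal_arn, action, resource):
    """The laptop reaches S3 over the internet, so no endpoint policy is in the path;
    the EC2 instance inside the VPC is routed through the gateway endpoint."""
    return endpoint_allows(policy, principal_arn, action, resource) if via_endpoint else True
```

The same model shows the defensive side of the fix: an explicit Deny in the endpoint policy still blocks the cross-account user even after the Allow statement is added.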