stackoom
  简体   繁体   中英

Public S3 bucket access using s3.amazonaws.com/bucket/folder is possible but not using s3-us-east-1.amazonaws.com/bucket/folder

 原文  2020-11-05 12:32:03       amazon-web-services/ amazon-s3

Question

I am trying to figure out why I can't access my public bucket's resources located in us-east-1 region using the following URL:

https://s3-us-east-1.amazonaws.com/demo.terraform.bucket/VideoImages/public.png

I get that error when I try to execute the above URL in the browser:

s3-us-east-1.amazonaws.com’s server IP address could not be found.

However, if I use the bellow URL it works and I get the resource:

https://s3.amazonaws.com/demo.terraform.bucket/VideoImages/public.png

I have another public bucket which was created by someone else in my team in a different region us-west-2 and I can access it using the https://s3-us-west-2.amazonaws.com/<bucketname>/VideoImages/public.png format.

I am trying to figure out what is going on with the access of my bucket demo.terraform.bucket . Why I can't access images using that syntacs https://s3-<region>.amazonaws.com/<bucket name>/VideoImages/public.png ?

Bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicReadVideoImages",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::demo.terraform.bucket/VideoImages/*"
        },
        {
            "Sid": "AllowPublicReadMarketing",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::demo.terraform.bucket/MarketingResources/*"
        }
    ]
}

And I have Block all public access set to Off

1 answers

solution1
 1 ACCPTED  2020-11-05 13:29:32

s3-us-east-1.amazonaws.com returns NXDOMAIN for A/AAAA queries, ie it doesn't exist. Domains of the format s3-<region>.amazonaws.com are legacy and exist only for select regions with often non-standard names. You should no longer use them.

The modern format for S3 domains is s3.dualstack.<region>.amazonaws.com/<bucket> . Stick to that and don't forget the dualstack bit for IPv6 support.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS S3 - java.net.UnknownHostException: repo-user-bucket.s3.us-west-2.amazonaws.com "Unable to execute HTTP request: Connect to <bucket-name>.s3.amazonaws.com:443 failed: connect timed out AmazonAWS securing S3 Bucket videos 'foo.bar.com.s3.amazonaws.com' doesn't match either of '*.s3.amazonaws.com', 's3.amazonaws.com' How to avoid .s3-website-us-east-1.amazonaws.com/ in the URL? Is it possible to create a S3 Bucket in us-east-1 using AWS Python Boto3 Status code 500 Paperclip amazon s3 connection refused - (Connection refused - connect(2) for “bucket.s3.amazonaws.com” port 443 Is it possible to map subdomain to a folder in S3 bucket? AWS - Error - The remote name could not be resolved: 's3.amazonaws.com' Couldn't resolve host 'bucket.s3.amazonaws.com' on virtual machine
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM