
Add route in route table for AWS Client VPN endpoint to access S3 static website without exposing 0.0.0.0/0

I have a static website set up in S3 with a bucket policy that denies access to the website (a simple index.html) unless it comes from a VPC Endpoint. I configured the VPC Endpoint for the com.amazonaws.us-east-1.s3 service, type Gateway. If I add 0.0.0.0/0 to my AWS Client VPN route table, I am able to access the website, and only when connected to the VPN, as expected, but I want to prevent the VPN from being used for general website traffic, essentially removing 0.0.0.0/0. I think I can do this with split tunnelling enabled on the VPN, but I don't want to keep 0.0.0.0/0 in the VPN route table if I don't need to.

So in short, is there an IP address for the VPC endpoint, or which IP could I use to explicitly direct traffic to the private website?

Sadly you can't do this. S3 buckets in website mode are only available through the internet. You can't make an S3 website endpoint private and accessible from within a VPC. The connections must come from the internet.

If you really want a private website, you have to host it yourself, on a tiny instance or an ECS container. Then you will be able to access it from within the VPC only.
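For reference, this is the shape of the "deny unless from the VPC endpoint" bucket policy the question describes, written here as an added example rather than taken from the question or answer. The bucket name and the endpoint ID (`vpce-0123456789abcdef0`) are placeholders. Note that a gateway endpoint is referenced in policies and route tables by its `vpce-` ID and by the S3 managed prefix list, not by an IP address: unlike an interface endpoint it has no network interface in the VPC, which is why there is no single IP to route to.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadFromAnywhere",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-private-site-bucket/*"
    },
    {
      "Sid": "DenyUnlessViaGatewayEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-private-site-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-0123456789abcdef0"
        }
      }
    }
  ]
}
```

Two things to check before applying a policy like this: the explicit Deny is evaluated before any Allow, so it also blocks object reads from the console, the CLI and any CI job that does not itself reach S3 through that endpoint, and because the condition only matches requests that actually traverse the gateway endpoint, whether a given client is allowed depends entirely on how its traffic is routed, which is the route-table question the thread is about.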
