Managing Amazon S3 access with VPC endpoints and S3 Access Points
To Nha Notes | April 17, 2024, 2:17 p.m.
Create an Amazon S3 gateway endpoint in your VPC
Next, create an Amazon S3 VPC gateway endpoint so that all S3 traffic from the VPC is routed through this endpoint rather than over the public internet.
- Navigate to the Amazon VPC console, choose Endpoints in the left navigation menu, then choose Create Endpoint.

- Search for and select the gateway endpoint for S3.

- Select the VPC and subnets in which the endpoint should be created. Only resources in the selected subnets can reach Amazon S3 through this endpoint.

- Under the Policy section, select Custom and paste the following policy into the text area. Make sure you replace <Account ID> with your own AWS account ID.
Note that the Resource element uses a wildcard “*” in the Access Point ARN. This allows access to any new Amazon S3 access point created under the account and removes the need to edit the VPC endpoint policy by hand each time one is added.
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "*",
      "Resource": "arn:aws:s3:*:<Account ID>:accesspoint/*"
    }
  ]
}
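To check what such an endpoint policy actually covers before attaching it, here is a small policy evaluator added to these notes (it is not code from the AWS blog post). It applies IAM-style wildcard matching to the Resource and Action elements and also flags the fully open default policy (Principal, Action and Resource all "*"). The account ID 123456789012 and the access point names are constructed sample values.

```python
import json
import re

# Constructed endpoint policy in the shape the note describes: every access
# point in one account (sample account ID 123456789012), nothing else.
SCOPED_POLICY = json.loads("""
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "*",
      "Resource": "arn:aws:s3:*:123456789012:accesspoint/*"
    }
  ]
}
""")

# The default endpoint policy the console offers: allows everything.
DEFAULT_POLICY = json.loads("""
{
  "Version": "2008-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def arn_matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters, '?' one.

    Actions are compared case-insensitively, as IAM does; ARNs are not.
    """
    regex = "^" + "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    ) + "$"
    flags = re.IGNORECASE if not value.startswith("arn:") else 0
    return re.match(regex, value, flags) is not None


def is_allowed(policy: dict, resource_arn: str, action: str = "s3:GetObject") -> bool:
    """Return True if an Allow statement covers (action, resource) and no Deny does."""
    allowed = False
    for stmt in policy["Statement"]:
        resource_hit = any(arn_matches(r, resource_arn) for r in _as_list(stmt.get("Resource")))
        action_hit = any(arn_matches(a, action) for a in _as_list(stmt.get("Action")))
        if resource_hit and action_hit:
            if stmt.get("Effect") == "Deny":
                return False  # explicit Deny always wins
            allowed = True
    return allowed


def is_fully_open(policy: dict) -> bool:
    """Flag the default policy that lets any principal do anything to any S3 resource."""
    for stmt in policy["Statement"]:
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Principal"))
                and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            return True
    return False


if __name__ == "__main__":
    own_ap = "arn:aws:s3:us-east-1:123456789012:accesspoint/finance-ap"
    other_ap = "arn:aws:s3:us-east-1:999999999999:accesspoint/finance-ap"
    bucket = "arn:aws:s3:::some-public-bucket"
    for arn in (own_ap, other_ap, bucket):
        print(f"{arn}: scoped={is_allowed(SCOPED_POLICY, arn)} default={is_allowed(DEFAULT_POLICY, arn)}")
    print("default policy fully open:", is_fully_open(DEFAULT_POLICY))
```

Run against the sample ARNs, the scoped policy allows the access point in the note's own account, refuses an access point in a different account, and refuses a request addressed to a bucket directly. That last case is the point of the design: through this gateway endpoint, S3 is reachable only via access points you own, so data cannot be moved to an arbitrary bucket from inside the VPC. The default policy allows all three, which is why it should not be left in place.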
References
https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/