I am receiving 'Could not connect to the endpoint URL: "https://s3.amazonaws.com/"' from inside an EC2 instance running in a private subnet
Here is a configuration:
1. Created one VPC with 2 private subnets (yes, no public) that is connected to our datacenter using a VPN connection. This VPC does not have any IG or NAT.
2. Created an EC2 instance (Amazon Linux AMI) inside one of the private subnets.
3. Connected to EC2 using PuTTY successfully.
4. Now created an S3 endpoint that is connected to the VPC (in step 1), and the policy is as follows (as presented by the AWS management console):

    {
      "Statement": [
        {
          "Action": "*",
          "Effect": "Allow",
          "Resource": "*",
          "Principal": "*"
        }
      ]
    }

5. Routing is automatically added to the VPC routing where destination is pl-xxxxxxxx (com.amazonaws.us-east-1.s3) and target is the endpoint created in step 4, status Active, Propagated - No.
6. Added 2 outbound rules in the Security Group for the VPC: (HTTP:80, HTTP:443) to destination prefix S3 endpoint starting with pl-xxxxxxxx (same as step 5).
7. Created a bucket in S3 using the Amazon management console.
8. Edited the bucket policy as follows:

    {
      "Version": "2012-10-17",
      "Id": "Policy1459706251964",
      "Statement": [
        {
          "Sid": "Stmt1459706246215",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::mybucket/*",
            "arn:aws:s3:::mybucket"
          ]
        }
      ]
    }

9. Now entered the following command in the PuTTY session:

    aws s3 ls --debug --endpoint-url https://s3.amazonaws.com/mybucket

I got "EndpointConnectionError: Could not connect to the endpoint URL" in #9.
I know I am missing something. Any help will be greatly appreciated.
us-east1.s3.amazonaws.com, but that's almost certainly invalid. In the us-east-1 region, the correct endpoints for S3 are s3.amazonaws.com or s3-external-1.amazonaws.com. – Michael - sqlbot

3 routes defined: 1) <VPC CIDR> as Destination, "local" as Target, "Active" as Status and "No" as "Propagated" 2) <pl-xxxxxxx> as Destination, "<vpcendpoint>" as Target, "Active" as Status and "No" as "Propagated" 3) 0.0.0.0/0 as Destination, "<VGW>" as Target, "Active" as Status and "Yes" as "Propagated"
Then I relaxed the outbound rules on Security Groups associated with this VPC and allowed all traffic. – user2939101
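
Both policies in the question allow every action for Principal "*", and neither is limited to requests that arrive through the VPC endpoint. The check below is an added example, not part of the original thread: it flags such statements and compares the posted bucket policy with a constructed variant pinned to one endpoint through the aws:SourceVpce condition key (the ID vpce-EXAMPLE and all function names are placeholders chosen for this example).

```python
import json

# Bucket policy as posted in the question (bucket name "mybucket").
POSTED = json.loads("""
{"Version": "2012-10-17", "Id": "Policy1459706251964", "Statement": [
  {"Sid": "Stmt1459706246215", "Effect": "Allow", "Principal": "*",
   "Action": "s3:*",
   "Resource": ["arn:aws:s3:::mybucket/*", "arn:aws:s3:::mybucket"]}]}
""")

# Constructed alternative: the same grant, honoured only for requests that
# arrive through one VPC endpoint. "vpce-EXAMPLE" is a placeholder ID.
SCOPED = json.loads(json.dumps(POSTED))
SCOPED["Statement"][0]["Condition"] = {
    "StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}

VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}  # key names are case-insensitive

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def pinned_to_vpc(condition):
    # Narrow check: only a plain StringEquals on a VPC/endpoint key counts.
    return any(op.lower() == "stringequals" and
               any(key.lower() in VPC_KEYS for key in keys)
               for op, keys in condition.items())

def open_statements(policy):
    """Return the Sid (or index) of each Allow statement open to any caller."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow"
                and wildcard_principal(stmt.get("Principal"))
                and not pinned_to_vpc(stmt.get("Condition", {}))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

if __name__ == "__main__":
    print("posted policy:", open_statements(POSTED))
    print("scoped policy:", open_statements(SCOPED))
```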