Amazon Advertising API is not working with custom VPC endpoint policy for S3.
I have two S3 buckets and two EC2 instances in two VPCs. I created VPC endpoints to access the S3 buckets.
I need to connect to bucket test1 from EC2-1 in VPC1 and to bucket test2 from EC2-2 in VPC2. I need to block access from EC2-1 to bucket test2 and from EC2-2 to bucket test1.
These 2 buckets are under an AWS account, and the same IAM user credentials are used to access them.
The policy I used for the VPC endpoint for S3 in VPC1:
{
  "Statement": [
    {
      "Sid": "Access-to-specific-bucket-only",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::test1",
        "arn:aws:s3:::test1/*"
      ]
    }
  ]
}
This policy is working fine. But I need to access the Amazon Advertising API from my EC2 instances, and that now gives a connection error. It works when I give Full Access, which I do not want. Please help me set up a custom policy.
Note: the Amazon Advertising API URL starts with https://amazon-advertising-api-reports-prod-usamazon.s3.amazonaws.com
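
Added example, not part of the original post: a simplified Python model of how the endpoint policy above is matched against a request, showing why a URL on the reports hostname is refused and how one extra read-only statement admits it while test2 stays blocked. It assumes report downloads are `s3:GetObject` calls on the bucket named in that hostname; the extra `Sid`, the sample object keys and the helper names are constructed, and Deny statements and Conditions are not modelled.

```python
import copy
from fnmatch import fnmatchcase
from urllib.parse import urlparse

# Endpoint policy from the question (VPC1), unchanged.
POLICY_VPC1 = {"Statement": [{
    "Sid": "Access-to-specific-bucket-only",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
    "Effect": "Allow",
    "Resource": ["arn:aws:s3:::test1", "arn:aws:s3:::test1/*"],
}]}

# Assumption: report downloads are plain GetObject calls on the bucket
# named in the hostname given in the question's note.
REPORTS_BUCKET = "amazon-advertising-api-reports-prod-usamazon"
POLICY_FIXED = copy.deepcopy(POLICY_VPC1)
POLICY_FIXED["Statement"].append({
    "Sid": "Advertising-API-report-download",  # constructed Sid
    "Principal": "*",
    "Action": "s3:GetObject",                  # read-only, no List/Put
    "Effect": "Allow",
    "Resource": f"arn:aws:s3:::{REPORTS_BUCKET}/*",
})

def as_list(value):
    return value if isinstance(value, list) else [value]

def url_to_arn(url):
    """Map a virtual-hosted-style S3 URL to the ARN a policy is matched against."""
    parsed = urlparse(url)
    bucket = parsed.hostname.split(".s3.")[0]
    key = parsed.path.lstrip("/")
    return f"arn:aws:s3:::{bucket}/{key}" if key else f"arn:aws:s3:::{bucket}"

def endpoint_allows(policy, action, url):
    """Simplified evaluation: Allow statements only, no Deny or Condition."""
    arn = url_to_arn(url)
    return any(
        s["Effect"] == "Allow"
        and any(fnmatchcase(action, a) for a in as_list(s["Action"]))
        and any(fnmatchcase(arn, r) for r in as_list(s["Resource"]))
        for s in policy["Statement"]
    )

# Constructed sample URLs (object keys are made up).
REPORT_URL = f"https://{REPORTS_BUCKET}.s3.amazonaws.com/constructed/report.json.gz"
TEST2_URL = "https://test2.s3.amazonaws.com/constructed-key"
```

With the added statement, the VPC1 endpoint admits reads from the reports bucket only; writes to it and any access to test2 are still not matched by an Allow.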