1
votes

I have installed nginx with the kaltura-nginx-vod module on EC2. I would like to set up private remote read-only mode to my S3 bucket via HTTP. Example of the desired nginx configuration:

vod_upstream_location /s3;

location /s3/ {
  internal;
  proxy_pass http://my-s3-bucket.s3-eu-east-1.amazonaws.com/;
}

I tried to create an Access Point for my S3 bucket. In the settings I pointed the Access option to my VPC, but cURL returned 403 from EC2 when I tried to get an object from S3 by HTTP URL. I also created an IAM role with read-only S3 access and assigned it to my EC2 instance, but the result was the same: 403.

How can I set up private HTTP access from EC2 to an S3 bucket via the Amazon virtual private network in the same region?

1 Answer

1
votes

This does not work because you can't access objects based on their URL unless they are public. Since you've assigned an IAM role to the EC2 instance, you have to make a signed HTTP request to the object using the object's URL with the EC2 instance role credentials.

So you either have to construct the valid signature yourself, or simply use an AWS SDK, such as boto3 for Python, to do this for you. Judging by the kaltura-nginx-vod description, it does not seem to be making any signed requests to S3 on your behalf.