0

I have a static website setup in S3 with a bucket policy that denies access to the website (simple index.html) unless it is from a VPC Endpoint. I configured the VPC Endpoint as com.amazonaws.us-east-1.s3 service: Gateway. If I add 0.0.0.0/0 into my AWS Client VPN route table, I am able to access the website, only when connected to the VPN as expected, but I want to prevent using the VPN for general website traffic, essentially removing 0.0.0.0/0. I think I can do this with split traffic enabled on the VPN, but I don't want to keep 0.0.0.0/0 in the vpn route table if I dont need to.

So in short, is there an ip address for the vpc endpoint or which ip could I use to explicitly direct traffic to the private website?

4

1 回答 1

1

可悲的是你不能这样做。网站模式下的 S3 存储桶只能通过 Internet 获得。您无法通过 VPC 将 S3 网站终端节点设为私有且可访问。连接必须来自互联网。

如果你真的想要一个私人网站,你必须自己托管它,在小实例或 ecs 容器上。然后,您将只能从 VPC 中访问它。

于 2021-12-09T05:21:09.677 回答