通过AWS Endpoints从内网访问S3

AWS S3作为非结构化数据的存储,经常会有内网中的app调用的需求。S3默认是走公网访问的,如果内网app通过公网地址访问S3并获取数据会消耗公网带宽费用。如下图所示:

AWS 提供了一种叫做endpoints的资源,这种资源可以后挂S3服务,使得内网服务可以不出公网访问S3.

VPC endpoints for Amazon S3 simplify access to S3 from within a VPC by providing configurable and highly reliable secure connections to S3 that do not require an internet gateway or Network Address Translation (NAT) device. When you create a S3 VPC endpoint, you can attach an endpoint policy to it that controls access to Amazon S3.

创建endpoints时,如果是S3,需选择gateway类型。

There are three types of VPC endpoints -- Interface endpoints, Gateway Load Balancer endpoints, and Gateway endpoints. Interface endpoints and Gateway Load Balancer endpoints are powered by AWS PrivateLink, and use an Elastic Network Interface (ENI) as an entry point for traffic destined to the service. Interface endpoints are typically accessed using the public or private DNS name associated with the service, while Gateway endpoints and Gateway Load Balancer endpoints serve as a target for a route in your route table for traffic destined for the service.

创建完成后(按需配置VPC,route table等),即可使用https://{{bucket-name}}.s3.ap-southeast-1.amazonaws.com通过aws内网(骨干网)访问S3了。

图片参考:https://www.youtube.com/watch?v=jo3X_aay4Vs

相关推荐
运维开发王义杰18 小时前
信息安全:GitLab与AWS OIDC集成的深度解析,IAM信任策略中的条件配置
云计算·gitlab·aws
阿雄不会写代码2 天前
python-pptx 库(最常用,适合生成/修改 PPT 文件)
云计算·aws
AWS官方合作商3 天前
构建企业级区块链网络:基于AWS EC2的弹性、高可用解决方案
网络·区块链·aws
fyihdg4 天前
aws上创建jenkins
云计算·aws
TG_yilongcloud4 天前
亚马逊云代理商:如何选择适合的AWS EC2实例类型?
服务器·云计算·aws·实例类型
运维开发王义杰5 天前
AWS:AssumeRole背后真正的安全哲学,不仅是迂回
安全·云计算·aws
一袋米扛几楼987 天前
【物联网】BLE 系统架构全景图
python·物联网·aws
艾小米8 天前
AWS申请增加弹性IP配额流程
云计算·aws
TG_yilongcloud9 天前
AWS亚马逊云账号注册指南
服务器·云计算·aws
可观测性用观测云10 天前
AWS OpenSearch 可观测最佳实践
aws