Accessing S3 from a private network through AWS VPC Endpoints

AWS S3 is commonly used as storage for unstructured data, and applications running inside a private network (a VPC) frequently need to call it. By default S3 is reached over the public internet: if an app in the VPC fetches data from S3 through the public address, the traffic leaves the VPC through an internet gateway or a NAT device and incurs NAT/public data-transfer charges. The situation is shown in the figure below:

AWS provides a resource called a VPC endpoint. An endpoint can be attached to the S3 service so that services inside the VPC reach S3 without ever leaving the AWS network.

VPC endpoints for Amazon S3 simplify access to S3 from within a VPC by providing configurable and highly reliable secure connections to S3 that do not require an internet gateway or Network Address Translation (NAT) device. When you create an S3 VPC endpoint, you can attach an endpoint policy to it that controls access to Amazon S3.

When creating the endpoint for S3, choose the Gateway type. A gateway endpoint has no hourly or data-processing charge, but it is only reachable from the VPC it is attached to (not from peered VPCs, VPN or Direct Connect); for those cases S3 also supports an Interface (PrivateLink) endpoint, which is billed like any other interface endpoint.

There are three types of VPC endpoints -- Interface endpoints, Gateway Load Balancer endpoints, and Gateway endpoints. Interface endpoints and Gateway Load Balancer endpoints are powered by AWS PrivateLink, and use an Elastic Network Interface (ENI) as an entry point for traffic destined to the service. Interface endpoints are typically accessed using the public or private DNS name associated with the service, while Gateway endpoints and Gateway Load Balancer endpoints serve as a target for a route in your route table for traffic destined for the service.

After creation (select the VPC and the route tables of the subnets that should use it), the route tables receive a route whose destination is the managed prefix list for S3 in that region and whose target is the endpoint ID (vpce-...). The app can then access S3 through https://{{bucket-name}}.s3.ap-southeast-1.amazonaws.com and the traffic stays on the AWS network (backbone). Two practical checks: the bucket must be in the same region as the endpoint, since a gateway endpoint only routes the regional S3 address space; and the simplest way to confirm the endpoint is actually used is to run an S3 request from an instance in a subnet that has no internet gateway or NAT route at all, where it can only succeed via the endpoint.
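The endpoint policy mentioned above, and the matching bucket policy that forces traffic through the endpoint, are easiest to understand as concrete documents. The following is an added example, not code from the original post: it builds a least-privilege endpoint policy for one bucket, a bucket policy that denies every request not arriving through the endpoint (the `aws:sourceVpce` condition key), and a minimal evaluator for that Deny statement so the effect can be checked offline. The bucket name, endpoint ID and the file names in the comments are assumptions; the `aws` CLI commands in the comments are the real flags for attaching these documents.

```python
"""Endpoint policy and bucket policy for an S3 gateway endpoint (added example).

Attach with (assumed IDs, real CLI flags):
  aws ec2 create-vpc-endpoint --vpc-id vpc-0123 --vpc-endpoint-type Gateway \
      --service-name com.amazonaws.ap-southeast-1.s3 --route-table-ids rtb-0123 \
      --policy-document file://endpoint-policy.json
  aws s3api put-bucket-policy --bucket example-bucket --policy file://bucket-policy.json
"""
import json

REGION = "ap-southeast-1"            # region used in the post
BUCKET = "example-bucket"            # assumed bucket name
VPCE_ID = "vpce-0123456789abcdef0"   # assumed endpoint ID placeholder


def endpoint_policy(bucket: str) -> dict:
    """Endpoint policy allowing only reads of one bucket through the endpoint.

    An endpoint policy narrows which S3 resources are reachable via the
    endpoint; it never grants more than the caller's own IAM policy allows.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowReadFromOneBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy denying any request that did not arrive via the endpoint.

    With this in place, credentials leaked outside the VPC cannot read the
    bucket from the public internet. Caveat: it also blocks the console and
    any administrator not inside the VPC, so keep a break-glass path.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessViaVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def denied_by_bucket_policy(policy: dict, request_ctx: dict) -> bool:
    """Minimal evaluator for Deny statements with a StringNotEquals condition.

    request_ctx holds IAM condition keys, e.g. {"aws:sourceVpce": "vpce-..."}.
    A request from the public internet carries no aws:sourceVpce key at all;
    for negated operators like StringNotEquals a missing key counts as a
    match, so such a request is denied. Real IAM evaluation is far richer;
    this covers only the pattern used here.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        condition_matches = True
        for key, expected in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
            if request_ctx.get(key) == expected:
                condition_matches = False
        if condition_matches:
            return True
    return False


def render(policy: dict) -> str:
    """Serialize a policy document the way the CLI expects it."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(render(endpoint_policy(BUCKET)))
    print(render(bucket_policy(BUCKET, VPCE_ID)))
    bp = bucket_policy(BUCKET, VPCE_ID)
    print("via endpoint denied?", denied_by_bucket_policy(bp, {"aws:sourceVpce": VPCE_ID}))
    print("via internet denied?", denied_by_bucket_policy(bp, {}))
```

The endpoint policy and the bucket policy are complementary: the first limits what the VPC can reach through the endpoint, the second limits where the bucket can be reached from. Apply the bucket policy last, after confirming from inside the VPC that requests succeed through the endpoint, because once it is in place a misconfigured route table locks every client out.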

Figure reference: https://www.youtube.com/watch?v=jo3X_aay4Vs
