阅读背景:

AWS .NET SDK:无法从S3端点访问S3

来源:互联网 

my web servers needs to access S3. When I place them in the public subnets, or place them in the private subnets and use NAT gateways, everything works fine:

我的Web服务器需要访问S3。当我将它们放在公共子网中,或将它们放在私有子网中并使用NAT网关时,一切正常:

IAmazonS3 client = new AmazonS3Client("myaccesskey", "mysecretkey", enRegion);
PutObjectRequest putReq = new PutObjectRequest();
putReq.FilePath = "c:\temp\myphoto.jpg";
putReq.BucketName = "MyBucket";
putReq.Key = "myphoto.jpg";
PutObjectResponse putResp = client.PutObject(putReq);

Now I tried to place the web servers in the private subnet with S3 endpoints, my code can no longer access S3. Do I need to change the code?

现在我尝试将Web服务器放在具有S3端点的私有子网中,我的代码无法再访问S3。我需要更改代码吗?

1 个解决方案

#1


1  

Just a FYI VPC's are truly private. Only traffic that you explicitly allow can transit the borders of the VPC.

只是一个FYI VPC是真正的私人。只有您明确允许的流量才能通过VPC的边界。

So, inside a VPC, instances needing access to external resources either need to be assigned an EIP (in which case they can access external resources using AWS's infrastructure), or you need to provide a NAT host (in which case all of the traffic egresses the VPC via your own NAT).

因此,在VPC内部,需要为外部资源访问的实例需要分配EIP(在这种情况下,他们可以使用AWS的基础架构访问外部资源),或者您需要提供NAT主机(在这种情况下,所有流量出口) VPC通过您自己的NAT)。

As of May 11th, 2015, AWS has released a "VPC Endpoint" for S3, which allows access to S3 directly from a VPC without having to go through a proxy host or NAT instance

截至2015年5月11日,AWS已发布S3的“VPC端点”,允许直接从VPC访问S3,而无需通过代理主机或NAT实例

You Can Create Endpoint, choose the desired VPC, and customize the access policy (if you want):

您可以创建端点,选择所需的VPC,并自定义访问策略(如果需要):

Please Refer AWS Blog Post For Details.

有关详细信息,请参阅AWS博客文章。

Hope this helps.

希望这可以帮助。


分享到: