Cross Region S3 bucket policy


Solution 1

All buckets are reachable by using the s3.amazonaws.com endpoint. When you use this endpoint, if the bucket is in a non-Standard US region, then you will be redirected to the correct endpoint. This is the only region/endpoint where this trick works.

If the bucket is in the Standard US region, then you must use the s3.amazonaws.com endpoint. None of the other regional endpoints will work.

If you use the correct endpoint for your bucket, you can access the bucket from any region.

Please see http://docs.amazonwebservices.com/general/latest/gr/rande.html#s3_region for full S3 Region explanations.
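Added example, not part of the original answer: a parser for the XML error body behind the "must be addressed using the specified endpoint" message, which pulls out the endpoint S3 names for the bucket. The sample body is constructed, and the function name `parse_redirect` and the rule that only an S3 host for the same bucket is accepted are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the XML body S3 sends with the redirect error
# (bucket name, request ID and host ID are made up).
SAMPLE_REDIRECT = """<Error>
  <Code>PermanentRedirect</Code>
  <Message>The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.</Message>
  <Bucket>my-bucket-name</Bucket>
  <Endpoint>my-bucket-name.s3-us-west-2.amazonaws.com</Endpoint>
  <RequestId>EXAMPLEREQUESTID</RequestId>
  <HostId>EXAMPLEHOSTID</HostId>
</Error>"""

# What may follow "<bucket>." in the advertised host: s3.amazonaws.com,
# or s3-<region> / s3.<region> in front of amazonaws.com.
_S3_SUFFIX = re.compile(r"s3(?:[.-]([a-z0-9-]+))?\.amazonaws\.com")


def parse_redirect(body):
    """Return (host, region) from a PermanentRedirect body, else None.

    region is None for the region-less <bucket>.s3.amazonaws.com form.
    Raises ValueError when the advertised endpoint is not an S3 host for
    the same bucket, so a caller never retries against an arbitrary host.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "Error" or root.findtext("Code") != "PermanentRedirect":
        return None
    host = (root.findtext("Endpoint") or "").strip().lower()
    bucket = (root.findtext("Bucket") or "").strip().lower()
    prefix = bucket + "."
    match = None
    if bucket and host.startswith(prefix):
        match = _S3_SUFFIX.fullmatch(host[len(prefix):])
    if match is None:
        raise ValueError("refusing redirect to %r" % host)
    return host, match.group(1)


if __name__ == "__main__":
    print(parse_redirect(SAMPLE_REDIRECT))
```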

Solution 2

Regarding VPCs, please note the following:

If you want to connect from a VPC in region A to a bucket in region B, it is not sufficient to connect an S3 endpoint to your VPC, as you can only access buckets from Region A via this endpoint. Instead, you would need to connect via the public internet to the bucket in region B from your VPC in region A.

See also https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html

which states:

Endpoints currently do not support cross-region requests—ensure that you create your endpoint in the same region as your bucket.

And https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-limitations

which states:

Endpoints are supported within the same region only. You cannot create an endpoint between a VPC and a service in a different region.


Author: Martin

Updated on September 18, 2022

Comments

  • Martin
    Martin over 1 year

    I would like to allow EC2 servers based in us-east-1 to read content from a bucket in us-west-2.

    Every time I try I get a "The Bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint".

    Is it actually possible to allow such a thing, or are S3 buckets locked up to one region?

    • Ssingh
      Ssingh over 11 years
      Can you post which tool you use to access the buckets and the exact address? Guessing from the error, you need to provide the right endpoint. For example, for us-west-2 you should use something like bucket_name.s3-us-west-2.amazonaws.com
    • Martin
      Martin over 11 years
      I am using CloudFormation to access that bucket. I have something like this in my configs: "Resource": "arn:aws:s3:::my-bucket-name/*"