Using an IP Address to Point to Amazon S3 Storage
I assume this is to work with geniuses who love static firewall rules.
There is probably not a better way, unfortunately. You simply have to put a proxy with a fixed IP address in front of S3 to present the client with a fixed IP. You could in theory pick an existing S3 IP, but it might change from underneath you if amazon changes their network.
We have similar trouble with some of our customers who insist that white-listing allowed sites by IP address is somehow "more secure" than using a filtering proxy (or even reasonable given the pace of change on the internet). We can't use CDNs because of this (although anycast-based CDNs such as MaxCDN or CacheFly might work out, we're testing).
I would not use squid unless you're a complete masochist. Nginx would be a much better option as a reverse-proxy: smaller, faster, more secure, easier to configure.
Related videos on Youtube
02 : 45
03 : 17
02 : 53
02 : 20
01 : 29
Comments
-
Tyndall over 1 year
Is there a way to get an IP address to refer to Amazon S3 Storage location? The current solution my company is thinking of going with involves setting up a EC2 server with an Elastic IP and using Squid as a Proxy to the S3 location. Is there a better way?
-
ceejayoz about 12 yearsGood answer. The "what IP should we whitelist" thing drives me bonkers.
-
Tyndall about 12 yearsThis is for those geniuses. Actually customer geniuses. +1
-
davur over 7 yearsThe overall tone regarding these so called 'geniuses' made me question whether there's an alternative to providing IP addresses on request - serverfault.com/q/817818/87952 (@ceejayoz I welcome your thoughts also)
-
J. Singh over 7 years@davur in the last few years we've taken a firm stance, and gotten away with "How do you whitelist Google? Or Salesforce.com? We need to be handled the same way. We do not provide a list of IP addresses because they change daily. Welcome to The Cloud." To my knowledge, we've not lost a single customer or prospect as a result.
