I have a private subnet in my VPC. I've SSHed into this instance from a public subnet. Using a NAT gateway, I'm able to run aws s3 ls and see all my buckets with no issues.

Once I delete the NAT gateway from my route table associated with my private subnet and add my VPC endpoint that opens full access to S3, I still can't list my buckets. What are some of the things I could be doing wrong?

The network ACL I have associated with both of my subnets is totally open.

  • "can't list my buckets" What happens when you try? Are you specifying your local region? Commented Sep 7, 2018 at 22:31
  • Did you add the VPC endpoint to your route table for the private subnet? The Main route table should not be used for the private subnet. Commented Sep 9, 2018 at 17:43

1 Answer 1

This is a very good resource for troubleshooting VPC Endpoint to S3 issues. https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/

The TL;DR troubleshooting steps are:

  1. DNS resolution must be enabled in your VPC
  2. Be sure there's a route to Amazon S3 using the gateway VPC endpoint
  3. Ensure the available outbound rules allow traffic to Amazon S3
  4. Do Network ACL rules allow inbound from TCP ports 1024-65535 and outbound to S3
  5. Review the endpoint policy. Check if the policy blocks access to the S3 bucket or to the IAM user affected by the connectivity issues.
  6. Check the bucket policy allows access from the gateway VPC endpoint and the VPC that you want to connect.
  7. Be sure the users associated with the IAM user or role have the correct permissions to access Amazon S3
  8. Make sure your AWS CLI configuration is correct.
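The steps above can be checked offline against the JSON that the AWS CLI already prints (aws ec2 describe-vpc-attribute, describe-route-tables, describe-security-groups, describe-network-acls, describe-vpc-endpoints). The script below is an added example, not part of the answer and not AWS code; the sample documents it runs over are constructed, the prefix-list id pl-EXAMPLE is a placeholder for the real com.amazonaws.<region>.s3 list, and the endpoint-policy check is a deliberately simplified matcher, not a full IAM evaluator.

```python
"""Offline checks for steps 1-5 of the gateway-endpoint troubleshooting list.

Added example (not from the answer or AWS). Inputs are dicts in the shape the
AWS CLI prints; the samples at the bottom are constructed, not captured.
"""
import fnmatch
import json

# Placeholder: look the real id up with `aws ec2 describe-prefix-lists`.
S3_PREFIX_LIST_ID = "pl-EXAMPLE"


def dns_enabled(dns_support, dns_hostnames):
    """Step 1: both VPC DNS attributes must be true for s3.amazonaws.com to resolve."""
    return bool(dns_support["EnableDnsSupport"]["Value"]) and \
        bool(dns_hostnames["EnableDnsHostnames"]["Value"])


def has_endpoint_route(route_table, prefix_list_id=S3_PREFIX_LIST_ID):
    """Step 2: the private subnet's table needs an active route for the S3 prefix
    list whose target is the gateway endpoint (vpce-...), not a NAT gateway."""
    return any(r.get("DestinationPrefixListId") == prefix_list_id
               and r.get("GatewayId", "").startswith("vpce-")
               and r.get("State") == "active"
               for r in route_table.get("Routes", []))


def sg_allows_https_egress(sg):
    """Step 3: some security-group egress rule must cover TCP 443."""
    for p in sg.get("IpPermissionsEgress", []):
        if p["IpProtocol"] == "-1":
            return True
        if p["IpProtocol"] == "tcp" and p.get("FromPort", 0) <= 443 <= p.get("ToPort", 0):
            return True
    return False


def nacl_allows(acl, egress, port):
    """Evaluate TCP on one port the way the VPC does: entries are tried in
    ascending rule number, the first match decides, and the implicit last
    rule denies. CIDR matching is ignored in this simplified version."""
    for e in sorted(acl.get("Entries", []), key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", "6"):
            continue
        pr = e.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return e["RuleAction"] == "allow"
    return False


def nacl_ok_for_s3(acl):
    """Step 4: outbound 443 plus inbound on every ephemeral port, because NACLs
    are stateless and S3's replies come back to a port in 1024-65535."""
    return nacl_allows(acl, True, 443) and \
        all(nacl_allows(acl, False, p) for p in range(1024, 65536))


def policy_allows(policy_json, action, resource="*"):
    """Step 5 (simplified): allowed if an Allow statement matches the action
    and resource and no Deny statement does. Conditions, NotAction and
    principals are not evaluated."""
    doc = json.loads(policy_json)
    stmts = doc["Statement"] if isinstance(doc["Statement"], list) else [doc["Statement"]]

    def matches(stmt):
        acts = stmt.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        res = stmt.get("Resource", [])
        res = [res] if isinstance(res, str) else res
        return any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts) and \
            any(fnmatch.fnmatchcase(resource, r) for r in res)

    allowed = denied = False
    for s in stmts:
        if matches(s):
            denied |= s.get("Effect") == "Deny"
            allowed |= s.get("Effect") == "Allow"
    return allowed and not denied


def troubleshoot(dns_support, dns_hostnames, route_table, sg, acl, endpoint_policy):
    """Return the numbers of the steps from the answer that fail. `aws s3 ls`
    needs s3:ListAllMyBuckets, which is what the policy check tests."""
    failed = []
    if not dns_enabled(dns_support, dns_hostnames):
        failed.append(1)
    if not has_endpoint_route(route_table):
        failed.append(2)
    if not sg_allows_https_egress(sg):
        failed.append(3)
    if not nacl_ok_for_s3(acl):
        failed.append(4)
    if not policy_allows(endpoint_policy, "s3:ListAllMyBuckets"):
        failed.append(5)
    return failed


# --- constructed sample documents (CLI-shaped, not from a real account) ---
DNS_SUPPORT = {"VpcId": "vpc-0example", "EnableDnsSupport": {"Value": True}}
DNS_HOSTNAMES = {"VpcId": "vpc-0example", "EnableDnsHostnames": {"Value": True}}
LOCAL_ROUTE = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
RT_WITH_ENDPOINT = {"RouteTableId": "rtb-0example", "Routes": [LOCAL_ROUTE,
    {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-0example", "State": "active"}]}
RT_LOCAL_ONLY = {"RouteTableId": "rtb-0example", "Routes": [LOCAL_ROUTE]}
SG_OPEN = {"GroupId": "sg-0example",
           "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
ANY = "0.0.0.0/0"
NACL_OPEN = {"NetworkAclId": "acl-0example", "Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": ANY},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": ANY},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": ANY},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": ANY}]}
NACL_SSH_ONLY_INBOUND = {"NetworkAclId": "acl-0example", "Entries": [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": True, "CidrBlock": ANY,
     "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": ANY,
     "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": ANY},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": ANY}]}
FULL_ACCESS_POLICY = '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"*","Resource":"*"}]}'
DENY_LIST_POLICY = ('{"Statement":[{"Effect":"Allow","Principal":"*","Action":"*","Resource":"*"},'
                    '{"Effect":"Deny","Principal":"*","Action":"s3:ListAllMyBuckets","Resource":"*"}]}')

if __name__ == "__main__":
    print("healthy:", troubleshoot(DNS_SUPPORT, DNS_HOSTNAMES, RT_WITH_ENDPOINT, SG_OPEN, NACL_OPEN, FULL_ACCESS_POLICY))
    print("broken: ", troubleshoot(DNS_SUPPORT, DNS_HOSTNAMES, RT_LOCAL_ONLY, SG_OPEN, NACL_SSH_ONLY_INBOUND, DENY_LIST_POLICY))
```

The second sample reproduces the situation in the question: the NAT route was removed but the prefix-list route to the endpoint never landed in the private subnet's table, the NACL only lets SSH back in so S3's replies on ephemeral ports are dropped, and the endpoint policy denies the one action aws s3 ls needs. Steps 6 to 8 (bucket policy, IAM permissions, CLI region) are not covered, since they depend on data outside these four API responses.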
