
Not sure what I'm missing here.

I've got an S3 bucket. I've got an EC2 instance.

I created a VPC endpoint and associated it with ALL the subnets in my VPC, with the default policy:

{
    "Statement": [
        {
            "Action": "*",
            "Effect": "Allow",
            "Resource": "*",
            "Principal": "*"
        }
    ]
}

My understanding is that I should now be able to access my S3 bucket from my EC2 instance.

When I try and grab anything from the S3 instance it seems to hang for ages and then gives:

read-s3object : A WebException with status ConnectFailure was thrown.
At line:1 char:1
+ read-s3object -bucketname go-hubble-team-city-bucket -key 1.exe -file t.exe
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Amazon.PowerShe...dS3ObjectCmdlet:ReadS3ObjectCmdlet) [Read-S3Object], InvalidOperationException
    + FullyQualifiedErrorId : Amazon.Runtime...,Amazon.PowerShell.Cmdlets.S3.ReadS3ObjectCmdlet

...regardless of whether the object is in the bucket. I'm pretty sure the request is not getting to the bucket.

Any ideas? I'm not sure how to go about troubleshooting this.

Tim
Tom

1 Answer


Set up a route table to allow the instance to access the endpoint. Note that the VPC, endpoint, and bucket all need to be in the same region. Here's what mine looks like.

[Image: VPC S3 Endpoint Route Table]

Note that my VPC happens to be in US-West-2. When you start typing the endpoint ID it populates the text correctly.

There's documentation here.

Tim
  • Why us-west-2? Just as an example, I assume, but potentially confusing, since the bucket mentioned in the question is in eu-west-1. – Michael - sqlbot Sep 10 '17 at 01:00
  • @Michael-sqlbot that's where this VPC is. The text is added automatically when you type the target in. – Tim Sep 10 '17 at 02:33
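
A way to check the route-table setup the answer describes, added here as an example and not part of the original question or answer: given data in the shape returned by EC2 DescribeRouteTables, it finds the route table that actually governs the instance's subnet (an explicit association, otherwise the VPC's main table) and confirms it holds an active prefix-list route whose target is the gateway endpoint. The function names are hypothetical and all IDs are constructed sample values.

```python
# Added example: works on the shape of an EC2 DescribeRouteTables response.
# Function names are hypothetical; every ID below is a constructed sample value.

def effective_route_table(route_tables, subnet_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def endpoint_routes(route_table, endpoint_id=None):
    """Active prefix-list routes whose target is a gateway VPC endpoint."""
    found = []
    for route in route_table.get("Routes", []):
        target = route.get("GatewayId", "")
        if (route.get("DestinationPrefixListId")
                and target.startswith("vpce-")
                and route.get("State") == "active"
                and endpoint_id in (None, target)):
            found.append((route["DestinationPrefixListId"], target))
    return found


def subnet_reaches_endpoint(route_tables, subnet_id, endpoint_id=None):
    rt = effective_route_table(route_tables, subnet_id)
    return bool(rt and endpoint_routes(rt, endpoint_id))


# Constructed sample: the main table has the endpoint route, the custom one does not.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationPrefixListId": "pl-example1", "GatewayId": "vpce-example1", "State": "active"}]},
    {"RouteTableId": "rtb-custom01",
     "Associations": [{"Main": False, "SubnetId": "subnet-private1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]

if __name__ == "__main__":
    for subnet in ("subnet-default1", "subnet-private1"):
        print(subnet, subnet_reaches_endpoint(SAMPLE_ROUTE_TABLES, subnet))
```

In the sample, the subnet with its own custom route table has no path to the endpoint even though the endpoint route exists in the VPC's main table.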