Reputation: 796
I want to set up a static S3 website that is only accessible via API Gateway, so what I've done is:
S3 side
1. Enabled static website hosting on the S3 bucket.
2. Blocked all public access.
3. Put in a bucket policy that only allows my VPC Endpoint to access it.
    {
        "Version": "2012-10-17",
        "Id": "VPCe",
        "Statement": [
            {
                "Sid": "VPCe",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::my-bucket.com/*",
                "Condition": {
                    "StringNotEquals": {
                        "aws:SourceVpce": "vpce-my-vpce"
                    }
                }
            }
        ]
    }
API Gateway side
1. Mapped that same VPCE to the API
2. Created a proxy resource
3. In the integration request, I made it HTTP and put my S3 website URL as the endpoint URL, content handling as passthrough.
4. But when I test this through APIGW, I get access denied.
Is there something I'm missing, or am I wrong to expect this to work?
I get a 403, Access Denied on this.
Upvotes: 0
Views: 1694
Reputation: 238309
I want to set up a static S3 website that is only accessible via API Gateway,
You can't do this, as it's not possible. S3 static websites are only accessible through a public URL, thus you need to access it from the internet.
They are not meant to be accessed from VPC using private IP addresses or any VPC endpoints.
If you want to have a private static website, you have to host it yourself on a private EC2 instance or ECS container.
Upvotes: 1
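To make the 403 concrete, here is an added example (not code from either poster) that runs the question's bucket policy through a simplified evaluator. It is a sketch, not AWS's policy engine: it assumes every request already matches the statement's Principal, Action and Resource, it supports only two condition operators, and the request contexts are constructed.

```python
import json

# The bucket policy from the question, reproduced as posted.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "VPCe",
  "Statement": [{
    "Sid": "VPCe",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::my-bucket.com/*",
    "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-my-vpce"}}
  }]
}
""")

def condition_matches(condition, context):
    """Simplified model: supports only StringEquals / StringNotEquals."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)  # None when the key is absent
            if operator == "StringEquals":
                ok = actual == expected
            elif operator == "StringNotEquals":
                # A negated operator is true when the key is missing.
                ok = actual != expected
            else:
                raise ValueError(f"unsupported operator: {operator}")
            if not ok:
                return False
    return True

def evaluate(policy, context):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' (deny wins)."""
    decision = "implicit_deny"
    for stmt in policy["Statement"]:
        # Assumption: Principal/Action/Resource already match the request.
        if condition_matches(stmt.get("Condition", {}), context):
            if stmt["Effect"] == "Deny":
                return "explicit_deny"
            decision = "allow"
    return decision

# Constructed request contexts (not captured traffic).
via_public_url = {}  # request over the public URL: no aws:SourceVpce key
via_vpce = {"aws:SourceVpce": "vpce-my-vpce"}
```

`evaluate(POLICY, via_public_url)` returns `explicit_deny` because the negated condition is true when the key is absent. `evaluate(POLICY, via_vpce)` returns only `implicit_deny`, since this policy on its own contains no Allow statement.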