
I'm following this page to publish a static website hosted on S3, using an ALB: https://aws.amazon.com/fr/blogs/networking-and-content-delivery/hosting-internal-https-static-websites-with-alb-s3-and-privatelink/

So this is what I have:

A VPC endpoint of type Interface, configured to expose the S3 service

A bucket containing the files, with a policy allowing access from the VPC endpoint:

{
    "Version": "2012-10-17",
    "Id": "Policy1415115909152",
    "Statement": [
        {
            "Sid": "Access-to-specific-VPCE-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::tempo.domainname.kj",
                "arn:aws:s3:::tempo.domainname.kj/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:SourceVpce": "vpce-12345678"
                }
            }
        }
    ]
}

A target group constantly checking the bucket

An ALB forwarding to the target group

The problem is: the target group is correctly configured according to my lab, but I get a request timeout.


Is a target group even able to work with S3 buckets?

If yes, do you know how it's supposed to work?

Matthew
  • Have you configured the S3 bucket for static website hosting? If not, then you have to replace the slash with a filename in the health check path. – Ankush Jain Apr 13 '23 at 14:25
  • Yes, it's enabled with index.html as the index document, and the file exists in the bucket. – Matthew Apr 13 '23 at 14:35

1 Answer

I found the problem: in my case, the default SG that you have to configure when you create the VPC endpoint was too restrictive, as I had no inbound rules.

I added an inbound rule (it's a lab, so I made it too open by allowing 0.0.0.0/0 for the test) and it worked.

Matthew
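The answer's fix works because the ALB reaches the S3 interface endpoint through the endpoint's ENIs, and those ENIs are guarded by the endpoint's security group, which has no inbound rules by default. The answer itself notes that 0.0.0.0/0 is too open. Below is an added example (not code from the question or the answer) that builds the least-privilege version of both pieces of configuration in the shape the EC2 and S3 APIs expect, and lints them for the mistakes a reviewer would reject: a world-open or all-protocols rule on the endpoint SG, and a public bucket statement not pinned to the endpoint. The security group IDs, the endpoint ID and the bucket name are placeholders, and LAB_RULE is a constructed stand-in for the answer's test rule (the answer does not say which port it opened; 443 is assumed). Nothing here calls AWS; the returned structures can be passed to boto3's authorize_security_group_ingress and put_bucket_policy, or to the equivalent CLI commands.

```python
"""Least-privilege config for the ALB -> S3 interface-endpoint setup (added example).

All identifiers below are placeholders, not values from the original post.
"""
import json

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"

# Constructed stand-in for the answer's lab rule: HTTPS open to the world.
LAB_RULE = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": ANY_IPV4}]}]


def vpce_sg_ingress(alb_sg_id: str) -> list:
    """IpPermissions entry for the endpoint SG: TCP/443 from the ALB's SG only.

    Referencing the ALB's security group instead of a CIDR means the rule keeps
    matching the ALB's ENIs even when their private IPs change.
    """
    return [{
        "IpProtocol": "tcp",
        "FromPort": 443,
        "ToPort": 443,
        "UserIdGroupPairs": [{
            "GroupId": alb_sg_id,
            "Description": "HTTPS from ALB to S3 interface endpoint ENIs",
        }],
    }]


def bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy: anonymous GetObject, but only when the request arrives
    through the given VPC endpoint. GetObject is object-level, so only the
    object ARN is needed as the resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Access-to-specific-VPCE-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def lint_ingress(permissions: list) -> list:
    """Findings for rules that should not exist on an S3 endpoint SG."""
    findings = []
    for perm in permissions:
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") == ANY_IPV4:
                findings.append(f"world-open IPv4 rule on {ports}")
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") == ANY_IPV6:
                findings.append(f"world-open IPv6 rule on {ports}")
        if perm.get("IpProtocol") == "-1":
            findings.append("all-protocols rule")
        elif ports != (443, 443):
            findings.append(f"non-HTTPS port range {ports}")
    return findings


def lint_policy(policy: dict, vpce_id: str) -> list:
    """Findings for Allow statements with Principal '*' not pinned to vpce_id."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or st.get("Principal") != "*":
            continue
        cond = st.get("Condition", {}).get("StringEquals", {})
        if cond.get("aws:SourceVpce") != vpce_id:
            findings.append(f"{st.get('Sid')}: public principal not pinned to {vpce_id}")
    return findings


if __name__ == "__main__":
    # Placeholder identifiers; substitute the real ALB SG, endpoint and bucket.
    good = vpce_sg_ingress("sg-0123456789abcdef0")
    print("least-privilege rule findings:", lint_ingress(good))
    print("lab rule findings:", lint_ingress(LAB_RULE))
    pol = bucket_policy("tempo.domainname.kj", "vpce-12345678")
    print("policy findings:", lint_policy(pol, "vpce-12345678"))
    print(json.dumps(pol, indent=2))
```

Two caveats when applying this to the setup in the question: the ALB's own security group must allow outbound 443 to the endpoint SG (or to the subnet CIDRs holding the endpoint ENIs), otherwise the health checks still time out from the other side; and because the target group points at the endpoint ENI IPs, the same 443 rule is what the health checker uses, so the health check path must be a real object (the comment above about using a filename rather than "/" when website hosting is off applies here too).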